One of the major news stories lately is Facebook’s infamous security breach. Facebook was still recovering from the fallout of the Cambridge Analytica scandal, and this is turning into a truly bad year for the company, with more and more privacy and security issues.
More news regarding this Facebook security breach?
Basically, the Facebook website has been affected by this security breach since July 2017. Unfortunately, Facebook only found out about it in September 2018.
On the 16th of September, 2018, Facebook noticed certain unusual activity on its website. But as mentioned earlier, Facebook was a bit too late in noticing its mistake. Because of this mistake, all the users’ data was exposed to the hackers. Worst of all, Facebook does not know exactly when the hack began.
It was because of this security breach that Facebook logged out its users. The users were logged out of their Facebook accounts for a while. This technically means that about 90 million users have been logged out of their accounts, on mobile devices as well as on PCs and laptops.
The Instagram accounts linked with the users’ Facebook accounts were also logged out automatically. The same applied to Facebook Messenger users.
But WhatsApp has not been attacked in any way, so that’s one small piece of good news.
What has been the loss of this hack?
Facebook has acknowledged that the data of at least about 50 million users has been hacked. The company also preventively secured 40 million additional accounts out of an abundance of caution.
According to TechCrunch, “Facebook CEO Mark Zuckerberg said that the company has not seen any accounts compromised and improperly accessed — although it’s early days and that may change. But Zuckerberg said that the attackers were using Facebook developer APIs to obtain some information. This included “name, gender, and hometowns” that’s linked to a user’s profile page.”
At the same time, Facebook says that the users’ private messages were not accessed. The FBI is investigating the issue, so the amount of data lost will be known for certain only once the results of the investigation are in.
Who were these hackers?
The actual whereabouts of the hackers are not yet known. But so far, it is rumored that Russia could be behind the security breach.
The reason behind this speculation is clearly put by TechCrunch. As their blog says:
“However, Facebook has in the past found evidence of Russia’s attempts to meddle in American democracy and influence our elections. But it’s not to say that Russia is behind this new attack. Attribution is incredibly difficult and takes a lot of time and effort. It took FBI more than two years to confirm that North Korea was behind the Sony hack of 2016. So we might be in for a long wait.”
The hackers were able to exploit not one but three bugs. This was the root cause of so much data being available to them.
In July 2017, Facebook inadvertently introduced three vulnerabilities in its video uploader, said Guy Rosen. You could use the “View As” feature to view your profile as someone else. When you did this, the video uploader would often appear when it actually shouldn’t. When it appeared, it generated an access token for the person the profile page was being viewed as. If an attacker obtained that token, they could log into the account of that other person.
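The class of flaw described above, as an added sketch that is not Facebook's code: a widget rendered inside a read-only preview mints a token for the profile being displayed instead of for the logged-in session. All names (`RenderContext`, `uploader_vulnerable`, `uploader_hardened`) and the toy HMAC token format are assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

SECRET = b"constructed-demo-key"  # constructed signing key for this sketch


@dataclass
class RenderContext:
    session_user: str               # who is actually logged in
    view_as: Optional[str] = None   # profile being previewed via "View As"

    @property
    def displayed_user(self) -> str:
        return self.view_as or self.session_user


def mint_token(user_id: str) -> str:
    """Return a toy bearer token of the form '<user>.<hmac>'."""
    sig = hmac.new(SECRET, user_id.encode(), hashlib.sha256).hexdigest()
    return f"{user_id}.{sig}"


def token_owner(token: str) -> Optional[str]:
    """Return the account a token grants access to, or None if forged."""
    user_id, _, sig = token.rpartition(".")
    expected = hmac.new(SECRET, user_id.encode(), hashlib.sha256).hexdigest()
    return user_id if hmac.compare_digest(sig, expected) else None


def uploader_vulnerable(ctx: RenderContext) -> Optional[str]:
    # Flaw 1: the widget renders even inside the read-only preview.
    # Flaw 2: the token is bound to the displayed profile, not the session.
    return mint_token(ctx.displayed_user)


def uploader_hardened(ctx: RenderContext) -> Optional[str]:
    # Preview mode is view-only: no interactive widget, so no token at all.
    if ctx.view_as is not None:
        return None
    # Outside preview, a token is only ever bound to the authenticated session.
    return mint_token(ctx.session_user)
```

The hardened version applies both checks independently, so a regression in one (the widget showing up in preview again) still cannot yield a token for another account.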
More Insight –
Facebook’s words on this matter –
Guy Rosen, who is Facebook’s Vice President of the Product Management department, says the following on the matter –
“So the vulnerability was on Facebook, but these access tokens enable someone to use [a connected account] as if they were the account holder themselves — this does mean they could have accessed other third party apps that were using Facebook login.
Now that we have reset all of those access tokens as part of protecting the security of people’s accounts, developers –
Will be able to detect that those access tokens have been reset,
Identify those users, and
As a user, you will simply have to log in again into those third party apps.
The vulnerability was on Facebook itself and we’ve yet to determine, given the investigation is really early, [what was] the exact nature of misuse and whether there was any access to Instagram accounts, for example.”
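How a third-party app using Facebook login might detect the reset tokens mentioned in the quote above, as an added example that is not from Facebook or the original article. It assumes the app keeps one stored token per user and that an invalidated token comes back from the Graph API as an `OAuthException` error with code 190; the function names, the token store and the sample responses are constructed for illustration.

```python
import json

# The Graph API reports an expired or invalidated user token as an
# OAuthException with error code 190.
INVALID_TOKEN_CODE = 190


def token_was_reset(body: str) -> bool:
    """True if an API response body says the access token is no longer valid."""
    try:
        err = json.loads(body).get("error")
    except (ValueError, AttributeError):
        return False  # not JSON, or not a JSON object: nothing to conclude
    return (
        isinstance(err, dict)
        and err.get("type") == "OAuthException"
        and err.get("code") == INVALID_TOKEN_CODE
    )


def sweep_tokens(token_store: dict, responses: dict) -> list:
    """Drop invalidated tokens in place; return the users who must log in again."""
    flagged = sorted(u for u, body in responses.items() if token_was_reset(body))
    for user in flagged:
        token_store.pop(user, None)  # never retry with a dead token
    return flagged


# Constructed sample responses, keyed by the app's own (hypothetical) user ids.
SAMPLE_RESPONSES = {
    "alice": json.dumps({"error": {
        "message": "Error validating access token (constructed text)",
        "type": "OAuthException", "code": INVALID_TOKEN_CODE}}),
    "bob": json.dumps({"id": "1002", "name": "Bob"}),
    "carol": json.dumps({"error": {
        "message": "Some other failure (constructed text)",
        "type": "OAuthException", "code": 4}}),
}
```

Only the user whose call failed with code 190 is flagged; other errors leave the stored token alone so that a transient failure does not force a needless re-login.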
Has the problem been solved? What is the remedy?
According to Facebook, the hack appears to have been resolved. The company began resetting users’ access tokens to help people secure their Facebook accounts.
Once you log back into your Facebook account, you can go to your account’s Security and Login page, which lets you see where you’ve logged in. If your access tokens were revoked, you had to log in again, and you will see only the devices that you have logged back in with.
You could also delete your account altogether, or simply change your password to make it more secure for the future. You could also turn on two-factor authentication for better security of your account.
If you know your Facebook account was affected by the breach, it’s wise to check for suspicious activity. You can do this on Facebook through the Security and Login menu. You can always find the link to “Log Out Of All Sessions” by scrolling toward the bottom of the page.