
Quick look at the 10 facts you need to know about the latest Facebook hack

03 Oct, 2018

The last week of September witnessed Facebook's biggest security breach so far. Facebook disclosed a massive hack in which attackers obtained the access tokens of 50 million accounts, bypassing security measures and potentially gaining full control of both the profiles and the linked apps. Facebook considers another 40 million profiles to be at risk.

  1. According to Facebook, the vulnerability allowed hackers to steal secret access tokens that could then be used to directly access users' private information without requiring their original account password or validating a two-factor authentication code.
  2. These digital keys are normally used to keep users logged in, but in the wrong hands they can also give outsiders full control of the compromised accounts. Facebook logged all 90 million accounts out in order to reset the digital keys the hackers had stolen.
  3. The flaw was in the site's "View As" and video uploader features, which were exploited to gain access to accounts. The bug forced Facebook to reset access tokens for the 50 million users who are affected and, as a precaution, for the 40 million users at risk.
  4. There were 3 distinct bugs that were used to accomplish the attack:
    • One of the bugs was more than a year old and affected how the "View As" feature interacted with Facebook's video uploading feature for posting "happy birthday" messages.
    • The second bug was in the video uploader that incorrectly generated an access token that had permission to log into the Facebook mobile app, which is otherwise not allowed.
    • The third bug was that the generated access token was not for you as the viewer, but for the user that you were looking up, giving attackers an opportunity to steal the keys to access an account of the person they were simulating.
  5. The hack could have affected third-party applications, including Facebook's own Instagram app. The company's "Facebook Login" feature lets users log into other apps and websites with their Facebook credentials. This incident, in which access tokens were stolen, showed that a logged-in Facebook session is enough to access a user's account on a third-party site.
  6. Your Facebook account password has not been compromised, but that is no reason to be relieved, because hackers don't need it anymore to access your account. An application or an attacker can use millions of secret access tokens to programmatically fetch information from each account using an API, without actually having your password or two-factor authentication code.
  7. As the flaw was a year old, it is still not clear how many accounts and what personal information fell into the hands of hackers before Facebook detected the breach. The vulnerability left all your personal information, including private messages, photos and videos, wide open to hackers.
  8. According to Facebook, it has fixed the vulnerability and notified law enforcement officials. But company officials are still in the dark regarding the identity or the origin of the attackers, or even the scope of the attack and whether particular users were targeted.
  9. Facebook could face a fine of up to $1.63 billion for the latest hack under GDPR. GDPR contains recommendations that companies store as little user data as necessary, potentially exposing Facebook to higher liability.
  10. Facebook shares dropped more than 3% on the news, and it set off another round of news reports that reminded people about Cambridge Analytica, Russian propaganda, Myanmar violence and more.
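
The three bugs in item 4 amount to a token issuer that trusts the profile being rendered instead of the authenticated session. The following is an added, simplified model (not Facebook's code and not part of the original article) that puts that flawed issuance beside a hardened version; `RenderContext`, the widget and scope names, and the signing key are constructed for illustration.

```python
import base64, hashlib, hmac, json
from dataclasses import dataclass
from typing import Optional

KEY = b"constructed-demo-key"                         # constructed signing key
WIDGET_SCOPES = {"video_uploader": {"upload_video"}}  # hypothetical allow-list

@dataclass
class RenderContext:
    actor: str               # user who authenticated this session
    view_as: Optional[str]   # profile being previewed, None in normal browsing

def _sign(claims: dict) -> str:
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    mac = hmac.new(KEY, body, hashlib.sha256).hexdigest()
    return body.decode() + "." + mac

def claims_of(token: str) -> dict:
    """Verify the MAC and return the claims the token carries."""
    body, mac = token.rsplit(".", 1)
    expected = hmac.new(KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):
        raise ValueError("bad signature")
    return json.loads(base64.urlsafe_b64decode(body))

def issue_vulnerable(ctx: RenderContext, widget: str) -> str:
    # Bug 1: the widget is rendered, and served a token, inside a preview.
    # Bug 3: the subject comes from the rendered profile, not the session.
    subject = ctx.view_as or ctx.actor
    # Bug 2: the widget receives a login-grade scope it should never hold.
    return _sign({"sub": subject, "scope": ["mobile_app_login"], "widget": widget})

def issue_hardened(ctx: RenderContext, widget: str, scope: str) -> str:
    # A preview is read-only: mint no credential while simulating another user.
    if ctx.view_as is not None:
        raise PermissionError("no token issuance in View As context")
    # Each widget may only request the scopes on its allow-list.
    if scope not in WIDGET_SCOPES.get(widget, set()):
        raise PermissionError(f"{widget} may not request {scope}")
    # The subject is always the authenticated actor.
    return _sign({"sub": ctx.actor, "scope": [scope], "widget": widget})
```

In the flawed issuer a preview of another profile yields a signed, valid token for that profile, which is why the password and second factor never come into play; the hardened issuer fails closed on both the preview context and the over-broad scope.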

This incident has clearly caused a crisis of faith in Facebook among people. People are also raising questions like: isn't Facebook too irresponsible to be an unquestioned staple of our daily life?
