In a massive breach of privacy and data, Facebook (FB), the most popular social media platform, has admitted to a “security issue” affecting nearly “50 million accounts” and confirmed that their “access tokens” have been compromised. Hackers have reportedly obtained these “digital keys”, which allow a user to stay logged in on Facebook for a long period of time without logging in every time the user opens the application.
“We patched the issue last night and are taking precautionary measures for those who might have been affected,” Facebook CEO Mark Zuckerberg said in a call with reporters. He added that attackers exploited a weakness that enabled them to hijack the accounts of nearly 50 million users. Significantly, the company’s initial investigation has not indicated that the hackers were able to access private messages, change any information, or post to accounts. He said the hackers “did try to query our APIs—name, gender, hometown, etc. We do not yet know if any private information was accessed this way.”
FB is already facing widespread criticism for how it handles users’ data. CEO Mark Zuckerberg testified in front of several Congressional committees about the Cambridge Analytica scandal, in which third parties were found to be scraping Facebook data and using it to target ads. FB has also been allowing advertisers to target users based on mobile phone numbers that users gave the company for security purposes.
A white-hat hacker briefly promised to livestream his bid to hack into Mark Zuckerberg’s Facebook account on Sunday, September 30th. “Broadcasting the deletion of FB founder Zuck’s account,” Chang Chi-yuan told his 26,000-plus followers on the social network, adding: “Scheduled to go live.” By Friday afternoon, the stream had been cancelled. Nytimes.
Meanwhile, Facebook’s vice president of product management said, “Our investigation is still in its early stages. But it’s clear that attackers exploited a vulnerability in Facebook’s code that impacted ‘View As’, a feature that lets people see what their own profile looks like to someone else.” “Here is the action we have already taken. First, we’ve fixed the vulnerability and informed law enforcement. Second, we have reset the access tokens of the almost 50 million accounts we know were affected to protect their security.”
“We’re also taking the precautionary step of resetting access tokens for another 40 million accounts that have been subject to a ‘View As’ look-up in the last year. As a result, around 90 million people will now have to log back in to FB, or any of their apps that use its Login. After they have logged back in, people will get a notification at the top of their News Feed explaining what happened. Third, we’re temporarily turning off the ‘View As’ feature while we conduct a thorough security review.”
Facebook was already hit by a data breach issue earlier this year. Personal information of about 87 million Facebook users, mostly in the US, may have been improperly shared with the UK-based political consulting firm Cambridge Analytica, the company had revealed in April as it announced a slew of measures to address its users’ privacy concerns. Over half a million of the users whose personal data might have been compromised are from India.
Facebook’s vice president of product management added in a blog post, “People’s privacy and security is incredibly important, and we’re sorry this happened. It’s why we’ve taken immediate action to secure these accounts and let users know what happened. There’s no need for anyone to change their passwords. But people who are having trouble logging back into FB — for example because they’ve forgotten their password — should visit our Help Center. And if anyone wants to take the precautionary action of logging out of Facebook, they should visit the ‘Security and Login’ section in settings. It lists the places people are logged into Facebook with a one-click option to log out of them all.”
The self-proclaimed bug bounty hunter Chang Chi-yuan is a minor celebrity in Taiwan who has appeared on talk shows and was reportedly sued by a local bus operator after breaching their systems to nab a ticket for just NT$1 (3 cents). Earlier this month, Chi-yuan shared a screenshot showing an Apple Pay loophole he’d found that allowed him to pay NT$1 for 500 iPhones. His other claims include cyber-attacks on Apple and Tesla, and he’s also listed on Japanese messaging giant Line’s 2016 bug-hunters’ hall of fame. Today, Chang Chi-yuan confirmed to media that the planned attack and livestream had been cancelled and the bug reported to Facebook. “I am canceling my live feed, I have reported the bug to Facebook and I will show proof when I get bounty from Facebook.”