For users, Facebook’s revelation of a data breach that gave attackers access to 50 million accounts raises an important question: What happens next?
For the owners of the affected accounts, and of another 40 million that Facebook considered at risk, the first order of business may be a simple one: sign back into the app. Facebook logged everyone out of all 90 million accounts in order to reset digital keys the hackers had stolen – keys normally used to keep users logged in, but which could also give outsiders full control of the compromised accounts.
The next game is due to the fact that Facebook is still on the lookout for users to continue investigating and users’ accounts have been targeted by hackers.
What Facebook knows so far is that hackers can access up to 50 million accounts and use three different bugs in the Facebook code, allowing them to technically play these digital keys known as ve access tokens Facebook. This says the bugs are fixed.
Security experts said that users do not need to change their Facebook passwords.
But Facebook does not know who is behind the attacks or where they are located. In a call to reporters on Friday, CEO Mark Zuckerberg, whose account had been compromised, said attackers could view private messages or send someone to his account, but there was no indication of what they were doing.
. We don’t know that any of the accounts are really being misused, Z said Zuckerberg.
Hack is Facebook’s latest collapse during turbulent security issues and privacy issues. Up to now, none of these problems has shaken the trust of the company’s 2 billion global users.
This latest hack contained errors in Facebook’s View As feature. This allows people to see how their profile looks to others. Attackers used this vulnerability to steal access tokens from the accounts of their searchers by using the “Show As” feature. The attack was then moved from one user’s Facebook friend to another. The availability of these tokens will allow attackers to check these accounts.
One of the errors was more than a year and influenced how Facebook interacted with the video upload feature to post Facebook’s Facebook birthday du messages and Facebook’s product management vice president Guy Rosen said. However, until mid-September, Facebook did not realize that there was a difference in an extraordinary event, and not until this week, Rosen learned the attack.
Rosen has not yet been able to determine whether certain accounts are specific targeting. “Looks wide. And we don’t yet know who is behind these attacks and where they can stand. ”
Rosen neither stolen passwords nor credit card data. The company warned the FBI and regulators in the United States and Europe.
Jake Williams, a security expert at Rendition Infosec, said he was concerned that hacking might affect third-party applications.
Williams said the company’s yapabil Facebook Login er feature is able to log in to other applications and websites with users’ Facebook credentials. Göster These stolen access icons indicate that when a user logs in to Facebook and a user’s account is sufficient to access a third-party site, “he said.
Facebook recently confirmed Friday that third-party applications, including its Instagram application, were affected.
Ros This vulnerability was on Facebook, but these access tokens enabled someone to use the account as if it were the account holder, güvenlik Rosen said.
Earlier this year, a data analysis firm employed by the Trump campaign Cambridge Analytica came to the news that millions of user profiles had incorrect access to personal data. Later, a congressional investigation found that representatives from Russia and other countries had published false political advertisements at least since 2016. Zuckerberg appeared in April at a congress session focusing on Facebook’s privacy practices.
The Facebook error resembles a larger attack on Yahoo, where attackers seized around 3 billion accounts for half the population worldwide. The information played on Yahoo contained names, e-mail addresses, phone numbers, birth and security questions, and answers. For several years he was one of a number of Yahoo hackers.
US prosecutors later accused Russian agents of using information they had stolen to spy on Russian journalists, US and Russian government officials, and financial services and other private sector employees.
In the Facebook case, it might be too early to know how intrusive the attackers are and whether they are connected to a nation-state, says Thomas Rid, professor at Johns Hopkins University. Rid said it could be spammers or criminals.
Kadar Nothing we see here is too complicated to require a state actor, Rid said Rid. ”The fifty million random Facebook accounts are not engaging for any intelligence agency.“
Legal warning !
The information, comments and suggestions there are not covered by investment advice. It is based on the author's personal opinions. These views may not fit your financial situation and risk and return preferences. For this reason, based solely on this information, investment decisions may not have the appropriate consequences for your expectation. Our Site is not responsible for any direct or indirect damages incurred by the investors as a result of the use of the information on the Site, deficiencies in the sources, damages incurred by profit, moral damages, or damage to third parties.