The Facebook hack may be the work of spammers, not a nation-state affiliated group, according to a report. The Wall Street Journal reported last week that, according to anonymous sources familiar with Facebook Inc.’s internal investigation, the hack of 30 million users was the work of spammers, not a nation-state as previously assumed.
Facebook has been investigating the hack since it discovered the incident in late September and is working with the FBI on the criminal portion of the investigation. The social media giant last week found that the attack affected 30 million user accounts, which is 20 million fewer than the original estimate.
Read more about this developing story on TechTarget.
Facebook could face potentially billions in fines under GDPR for the latest data breach which impacted roughly 50 million accounts. It took mere hours before class-action lawsuits were filed against Facebook for failing to protect user data.
Businesses in the EU are held accountable under the General Data Protection Regulation (GDPR), which came into effect May 25. If Facebook is found to be in breach of GDPR for failing to adequately protect user data over this incident, the company faces a fine of up to €20 million or 4 percent of annual global turnover, whichever is higher. Based on Facebook’s financial results for the last fiscal year, the fine could be up to $1.63 billion.
Last Friday, Facebook’s VP of product management Guy Rosen, coordinating with a Facebook post by founder Mark Zuckerberg, said the company discovered someone had abused access tokens for 50 million users on Tuesday afternoon. While the impacted accounts only represent a small fraction of the billions of monthly active users worldwide, the incident is still significant, as the abused tokens enable full access to a person’s account.
According to Rosen, the attackers targeted Facebook’s ‘View As’ feature, which allows users to view their profile as someone else. “Since we’ve only just started our investigation, we have yet to determine whether these accounts were misused or any information accessed,” Rosen wrote.
Read more about the Facebook breach affecting 50 million accounts on CSO.
Facebook is following through on a massive app investigation and audit promised by CEO Mark Zuckerberg back in March following the Cambridge Analytica scandal. In an update posted this week, Facebook said it has investigated thousands of apps and suspended “around 200” while it inspects them.
The company is taking a closer look at apps that had access to large amounts of information prior to policy changes it made in 2014. That year, Facebook implemented restrictions to limit the amount of data apps could access. Before 2014, apps didn’t need to request permission to collect data on users’ friends. After 2014, friends had to consent for their data to be collected. These limitations prevent the extensive data collection of apps like the personality quiz created by Aleksandr Kogan, who shared his trove of information on millions of Facebook users with Cambridge Analytica.
Read more about Facebook’s massive app investigation that was prompted by the Cambridge Analytica scandal on DarkReading.
Necessity is the mother of invention. It appears that scandal may be a mother of innovation. Scrambling in the wake of the Cambridge Analytica scandal — in which at least 87 million users had their personal data harvested without their knowledge or consent — Facebook is considering offering an ad-free subscription plan. The subscription would allow users who value privacy to use the social media platform without having their data harvested and would provide an alternative revenue stream to the tech giant.
Read how Facebook is considering becoming a subscription-based service after the recent Cambridge Analytica data breach on The New American.
Earlier this year, Facebook CEO Mark Zuckerberg talked about fixing Facebook’s biggest problems this year. Maybe it was a hint of the fire that was about to spark in the coming months–soon to be followed by apology tours, congressional testimony, and finally big changes to win back people’s trust.
But what most of us don’t know is how much time it’d take for Facebook to get fixed. In an interview given to Wired before his F8 keynote on Tuesday, Zuckerberg said it would take around three years to get Facebook back on track.
Read more about Mark Zuckerberg’s statement on The Wired.
In response to the recent Cambridge Analytica scandal, Facebook revealed its plan to bring a big feature at its 2018 F8 developer conference. During his opening keynote, Facebook CEO Mark Zuckerberg announced a new privacy tool named Clear History.
This new feature will allow the users of the social networking website to clear their cookies and history. This way, you’ll be able to clear your browsing history on Facebook: what websites you’ve clicked on and what apps you’ve interacted with.
Read about the new Clear History feature that you can use to clear your Facebook history on Business Line.
With over 2 billion users, Facebook is perhaps the most sought-after social networking platform for cybercriminals. Facebook is targeted by hackers because it is one place where scammers and fraudsters can access your email and other personally identifiable information because of Facebook’s real name policy. The risks of Facebook hacking come not only from hackers but also from exes seeking revenge and companies engaging in cyber espionage on rival companies. Facebook can be hacked even if you have chosen strong passwords and taken extra security measures.
So, what can you do to prevent your Facebook accounts from being hacked? In this article, we make you aware of some of the attacks carried out by hackers on Facebook and how you can prevent them by knowing where and when the cybercriminals can strike.
Hack Facebook Account Password By Phishing
Phishing is one of the most popular attack routes used by attackers for hacking Facebook accounts. While there are many methods to carry out a phishing attack, a cloned, very real-looking Facebook login page is the most used method. Cybercriminals create a fake login page that looks so similar to the original Facebook page that even seasoned Internet users are fooled into believing it is genuine. The victim’s “Email Address” and “Password” are stored in a text file the moment the victim logs in through the fake page. The hacker then downloads the text file and is now able to view the victim’s credentials.
How To Avoid Phishing Attacks
Never log into your Facebook account on other devices
Avoid emails that ask you to log into your Facebook account
Always use Chrome, as it identifies the phishing page
Saved Passwords From Browser
The browser always asks to save the username and password on the computer whenever you try to log into a new website, making it easy for hackers to hack your password. You can visit this URL to see the usernames and passwords you saved in your browser:
Tips To Protect Yourself
Never save login credentials on your browser.
Always use a strong password on your computer.
Email ID Hacking
One of the old time favorites amongst cybercriminals to hack the Facebook account is email ID hacking. All the hacker needs to do is access the connected email id of any Facebook account and manually reset your Facebook password. The best way to protect yourself against this kind of hack attack is to enable 2-factor-authentication.
Tips To Protect Yourself
Use Strong passwords for your email account
Enable 2 step authentication in your Gmail account
Never enter email account on unnecessary sites
Mobile Phone Hacking
Smartphones these days have made it easy for Facebook users to access their accounts through their devices. If the hacker can gain access to the victim’s mobile phone, the hacker has access to the victim’s Facebook account. While there are several mobile spying software packages used to monitor a mobile phone, the most popular are Spy Phone Gold and Mobile Spy.
Tips To Protect Yourself
Use a trustworthy mobile security and Antivirus program on your mobile phone
Never install apps from unknown sources
Uninstall suspicious apps once you notice them
Viewing Masked Passwords
Any hacker can view your masked passwords (****), if your browser has saved your Facebook login credentials. All the hacker needs to do is to make some changes from inspect element in your browser. Therefore, never leave your PC when it is on the signup page. It is recommended to never save your Facebook or other login credentials in your browser.
If you are accessing Facebook on an HTTP (non-secure) connection, a hacker can initiate session hijacking to steal your Facebook data. The hacker steals the victim’s browser cookie in a session hijacking attack, which is used to validate the user on a website and access the victim’s account. Session hijacking is extensively used on LAN and Wi-Fi connections.
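The cookie theft described above depends on the session cookie being allowed onto an unencrypted connection. As an added example (not part of the original article), this Python code audits a response's headers for the settings that keep a session cookie off plain HTTP; the function names, cookie name and sample headers are constructed for illustration.

```python
# Added example: audit response headers for cookie settings that decide
# whether a session cookie can be captured on a shared LAN or Wi-Fi network.

def parse_set_cookie(value):
    """Split one Set-Cookie header value into (cookie name, attribute dict)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name, attrs


def audit_response(scheme, headers):
    """Return findings for a response given as a list of (header, value) pairs."""
    findings = []
    if scheme != "https":
        findings.append("served over plain HTTP: cookies cross the network unencrypted")
    elif not any(k.lower() == "strict-transport-security" for k, _ in headers):
        findings.append("no Strict-Transport-Security: browser may still try HTTP first")
    for key, value in headers:
        if key.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        if "secure" not in attrs:
            findings.append(f"cookie {name}: no Secure flag, also sent over HTTP")
        if "httponly" not in attrs:
            findings.append(f"cookie {name}: no HttpOnly flag, readable by page scripts")
    return findings


# Constructed sample responses (not captured from any real site).
WEAK = [("Content-Type", "text/html"),
        ("Set-Cookie", "sessionid=EXAMPLE; Path=/")]
HARDENED = [("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
            ("Set-Cookie", "sessionid=EXAMPLE; Path=/; Secure; HttpOnly; SameSite=Lax")]

if __name__ == "__main__":
    for label, scheme, hdrs in (("weak", "http", WEAK), ("hardened", "https", HARDENED)):
        print(label, audit_response(scheme, hdrs) or "no findings")
```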
An attacker who has physical access to your computer can just insert a USB pre-installed with keylogger malware which can steal any and all the information stored on your computer.
How To Protect Yourself
Insert only trusted USB devices into your computer
Scan USB devices once you have plugged them in
Don’t purchase second-hand USB devices
If you are using simple passwords like mobile number, DOB etc., even a noob hacker can guess the password and hack into your account and collect your personal information.
Tips To Protect Yourself
Never share your personal information via email, phone, chat messenger
To avoid the risk of Baiting, block USB devices
Avoid links from suspicious or unknown sites
Hacking Wi-Fi Network
Cybercriminals can target your Wi-Fi router if you are still using the default Wi-Fi router credentials or have set an easy password. Once they are into your Wi-Fi network, pretty much every information that you transmit over the Internet is accessible by hackers.
Tips To Protect Yourself
Don’t use Free Wi-Fi or public Wi-Fi
Change your Wi-Fi password on a regular basis
If you are using public Wi-Fi, always use VPN (virtual private network)
Leaving your computer unattended while being logged into your Facebook account is one of the biggest mistakes most people make, as it can give easy access to hackers. Therefore, ensure that you log out from your Facebook account every time you log in.
Third-party tracking code, used across the internet to track user behaviors on websites, optimize ads and other purposes, has been grabbing Facebook user information on websites that support logging in through the social media platform, Princeton researchers report.
When users log in to websites using Facebook’s Login feature, trackers can grab Facebook user IDs and in some cases other information such as email address or gender, potentially without the knowledge of the operators of the websites where the trackers are installed, according to the researchers.
Read about the new research by Princeton which reveals that online trackers use your Facebook login to steal data on Fast Company.
Cambridge Analytica, the firm that faced much criticism over its misuse of Facebook user data, had reportedly planned to organize its own initial coin offering (ICO) before the news broke.
According to a Reuters report citing anonymous sources on Thursday, Cambridge Analytica was originally expecting to raise around $30 million via the launch of its own cryptocurrency and had reached out to a firm that advises on how to structure such schemes.
While it remains unclear at the moment whether the ICO will go ahead after the Facebook controversy, the company told Reuters that it currently has plans to develop a blockchain platform that would give users control of their own information.
Read about how Cambridge Analytica of the Facebook data breach scandal was proposing its own cryptocurrency to sell the stolen Facebook data on Coin Desk.