Monday, 1 October 2018

Facebook Hacked! Full Report

We previously wrote about the Summary of the facts about Facebook Hacking. Technically it wasn't a hack but an issue with access. In other words, Facebook was not hacked as everyone wants you to believe; rather, people were able to view your profile simply because you logged into Instagram.

So far this is all we know, though it may be too early to tell how sophisticated the attackers were or whether they were connected to a nation state. They could also be spammers or criminals, as fifty million random Facebook accounts are not interesting to any intelligence agency.

It is not clear when the attack happened, but it appears to have occurred after the video-uploading program was introduced. Facebook forced more than 90 million users to log out early Friday, a common safety measure taken when accounts have been compromised. Worst of all, users who posted breaking stories about the breach were shown a notice that their posts had been taken down: so many people were posting the stories that they looked like spam to the Facebook systems that block abuse of its network.

Facebook was 'hacked' through three software flaws in Facebook’s systems that allowed hackers to break into user accounts, including those of Mark Zuckerberg and Sheryl Sandberg. Once in, the attackers could have gained access to apps like Spotify, Instagram and hundreds of others that give users a way to log into their systems through Facebook. The attackers would also have had the ability to view private messages or post on someone’s account, but there’s no sign that they did.

Two of the three vulnerabilities were introduced by an online tool meant to improve the privacy of users, while the third came from another tool meant to make it easy to upload birthday videos.

The first two vulnerabilities were found in the site’s “View As” feature, which allows users to check which information other people can see about them; it was built to give users more control over their privacy. The other vulnerability was found in the video-uploading program for birthday celebrations, a software feature that was introduced in July 2017. Together these allowed attackers to steal access tokens, which are like digital keys that allow access to an account, so possession of those tokens would allow attackers to control those accounts.

In practice, these vulnerabilities affected how the ‘View As’ feature interacted with Facebook’s video-uploading feature for posting ‘happy birthday’ messages. This was detected in mid-September, when Facebook noticed an uptick in unusual activity, and it was not until this week that Facebook learned of the attack. Attackers used that vulnerability to steal access tokens from the accounts of people whose profiles came up in searches using the ‘View As’ feature, and then moved along from one user’s Facebook friend to another.

The attackers tried to harvest people’s private information, including name, sex and hometown, from Facebook’s systems, though Facebook could not determine the extent of the attackers’ access to third-party accounts.

Though Facebook said it had fixed the vulnerabilities and notified law enforcement officials as required, it was hard for them to identify the origin and identity of the attackers. As such, they could not fully assess the scope of the attack or whether particular users were targeted.

Still, the recently discovered breach was a reminder that it is exceptionally difficult to entirely secure a system that has many users and still allows third-party services to use the same service.

You can read about securing your Facebook account. However, if you think your account has been compromised, then it's high time you consider securing your account. We recommend you use our proof of concept Password Manager.
