News

Facebook Hacked: More Than 50 Million Accounts Compromised

image from Facebook

It has not been a good year for Facebook. From the revelation of 
Cambridge Analytica having access to user’s data to Facebook giving advertisers access to your 2FA phone numbers, Facebook has been quite the security and privacy nightmare. Yesterday, Facebook announced that 50 million accounts have potentially been compromised due to a bug introduced into their system.

So what exactly happened?

To put it simply, a piece of code introduced in 2017 allowed for users to get the access token used to verify you are logged in on Facebook. With this access token, hackers are able to access your account without having to guess your password or enter the 2FA authentication. What is worse is that this not only affects your Facebook account but any account that you used Facebook to login to. So that means your Instagram, Spotify as well as many others all might have been accessed.

What has been done so far?

Facebook has reset the access token for all 50 million accounts that were affected. Additionally, they have reset another 40 million as a precautionary measure.  The “View As” feature that was used to gain access to the access token has been temporarily disabled while Facebook conducts a thorough investigation.  Facebook is also working with the FBI to figure out who was conducting the hack.

How does this affect me?

The problem with Facebook is the information people share on the platform. Do you have your elementary school listed on your Facebook profile (a common security question used for accounts)? Did you post a picture of your first car (another common security question)? Even if its just set to only viewable by yourself? Coupled with the Experian hack and other security hacks out there, it really would not be too hard to compile this information together to compromise your bank account or other accounts

What should you do?

My recommendation would be to remove any information on Facebook that could potentially be used to verify your identity. Be mindful of what you share, what you post on the internet stays on the internet forever.

Check to see if there have any unauthorized logins into your account from places you don’t recognize. You can do this by going to https://www.facebook.com/settings?tab=security&section=sessions&view

Consider deleting your account if you can live without Facebook and other accounts that require a Facebook login. If you can’t live without Instagram or Messenger, suspending your account would be the better alternative since those services will still be available with a suspended account.

For more technical details about what is happening, read the official Facebook Blog

News

Third Party Apps reading your Gmail? Yup, that is happening

Third Party Apps reading your Gmail? Yup, that is happening

image via wikipedia

A recent Wall Street Journal article has done an in depth report on Third Party applications reading your email contents sometimes without your explicit consent. Many of these companies (e.g. Earny) rely on your email content to create better algorithms, generate information to sells to other party for advertisement and/or marketing. Often times, your personal emails can accidentally end up on servers or read by an actual employee to improve their service. Although this is the reality of making machine learning algorithms better, companies should give users more control over their own data. As a consumer, make sure to take some time to throughly read through any privacy policy and user agreements when signing up for a service. It is often times best to do some research on how a particular company monetizes and then decide whether you are okay with trading your privacy for the free and convenient service.

Source: Wall Street Journal