News

Facebook Hacked: More Than 50 Million Accounts Compromised

image from Facebook

It has not been a good year for Facebook. From the revelation of 
Cambridge Analytica having access to user’s data to Facebook giving advertisers access to your 2FA phone numbers, Facebook has been quite the security and privacy nightmare. Yesterday, Facebook announced that 50 million accounts have potentially been compromised due to a bug introduced into their system.

So what exactly happened?

To put it simply, a piece of code introduced in 2017 allowed for users to get the access token used to verify you are logged in on Facebook. With this access token, hackers are able to access your account without having to guess your password or enter the 2FA authentication. What is worse is that this not only affects your Facebook account but any account that you used Facebook to login to. So that means your Instagram, Spotify as well as many others all might have been accessed.

What has been done so far?

Facebook has reset the access token for all 50 million accounts that were affected. Additionally, they have reset another 40 million as a precautionary measure.  The “View As” feature that was used to gain access to the access token has been temporarily disabled while Facebook conducts a thorough investigation.  Facebook is also working with the FBI to figure out who was conducting the hack.

How does this affect me?

The problem with Facebook is the information people share on the platform. Do you have your elementary school listed on your Facebook profile (a common security question used for accounts)? Did you post a picture of your first car (another common security question)? Even if its just set to only viewable by yourself? Coupled with the Experian hack and other security hacks out there, it really would not be too hard to compile this information together to compromise your bank account or other accounts

What should you do?

My recommendation would be to remove any information on Facebook that could potentially be used to verify your identity. Be mindful of what you share, what you post on the internet stays on the internet forever.

Check to see if there have any unauthorized logins into your account from places you don’t recognize. You can do this by going to https://www.facebook.com/settings?tab=security&section=sessions&view

Consider deleting your account if you can live without Facebook and other accounts that require a Facebook login. If you can’t live without Instagram or Messenger, suspending your account would be the better alternative since those services will still be available with a suspended account.

For more technical details about what is happening, read the official Facebook Blog

News

Wifi Alliance announced WPA3 security standard after 14 years

The wifi alliance has recently announced a new security standard called WPA3. The new security standard is suppose to provide more robust authentication and better security for shorter passwords making it harder to hack. Existing router can add WPA3 to their device if vendors decide to provide firmware updates to their devices. Cisco seems to one of the initial manufactures that have voiced their support for WPA3 and is currently looking to both implement it on some existing and future routers.

Source: Wifi Alliance, Cnet

News

Apple will update iOS to block police hacking tool

Apple is adding an “USB restricted mode” that will turn off all data communication from the lightning port if the device has not been unlocked within the last hour. This feature will protect against the GrayKey phone-cracking tool that current law enforcements are using in order to get into encrypted phones. One of the major benefits of this feature is that it should prevent a whole class of attacks that target the iPhone’s lightning port. Currently the feature is in the developer betas for both iOS 12 and iOS 11.4.1.

Source: Verge