Facebook’s worries do not seem to stop with Cambridge Analytica. This time it is a massive data breach affecting almost 50 million user accounts, with another 40 million at risk. The vulnerability allowed hackers to directly access all of these accounts’ information.
As per Facebook, the bugs that enabled the attack have since been patched. The company says that the attackers could see everything in a victim’s profile, although it’s still unclear if that includes private messages or if any of that data was misused. As part of that fix, Facebook automatically logged out 90 million Facebook users from their accounts, accounting both for the 50 million that Facebook knows were affected, and an additional 40 million that potentially could have been.
This latest hack involved bugs in Facebook’s “View As” feature, which lets people see how their profiles appear to others. The attackers used that vulnerability to steal access tokens from the accounts of people whose profiles came up in searches using the “View As” feature. The attack then moved along from one user’s Facebook friend to another. Possession of those tokens would allow attackers to control those accounts.
One of the bugs was more than a year old and affected how the “View As” feature interacted with Facebook’s video uploading feature for posting “happy birthday” messages, said Guy Rosen, Facebook’s vice-president of product management. But it wasn’t until mid-September that Facebook noticed an uptick in unusual activity, and not until this week that it learned of the attack, Rosen said.
“We haven’t yet been able to determine if there was specific targeting” of particular accounts, Rosen said in a call with reporters. “It does seem broad. And we don’t yet know who was behind these attacks and where they might be based.” Neither passwords nor credit card data was stolen, Rosen said. He said the company has alerted the FBI and regulators in the United States and Europe.
The Facebook bug brings back memories of a much larger attack on Yahoo in which attackers compromised 3 billion accounts, enough for half of the world’s entire population. In the case of Yahoo, the stolen information included names, email addresses, phone numbers, birthdates and security questions and answers. It was among a series of Yahoo hacks over several years.
The vulnerability couldn’t have come at a worse time for Facebook, whose executives are still reeling from a series of scandals that unfolded in the wake of the 2016 US presidential election. A widespread Russian disinformation campaign used the platform unnoticed, followed by revelations that third-party companies like Cambridge Analytica had collected user data without users’ knowledge.
“There essentially may be no reasonable follow or knowledge enabling agents to come to an obvious conclusion,” said security researcher Lukasz Olejnik.
The social media giant faces multiple government investigations into its data protection and information-sharing practices, including one probe by the Federal Trade Commission and another led by the Securities and Exchange Commission. Both have to do with its disclosures around Cambridge Analytica.