For users, Facebook’s disclosure of a data breach that gave attackers access to as many as 50 million accounts raised an important question: What happens next?
For owners of the affected accounts, and of the 40 million more that Facebook considers at risk, the first order of business can be simple: sign back in to the app. All 90 million accounts were logged out to reset the stolen digital keys, which are usually used to keep users logged in but could also give outsiders control of the compromised accounts.
Next comes a waiting game, as Facebook continues to investigate and users watch for notifications that their accounts were targeted by hackers.
So far, Facebook knows that hackers gained access to more than 50 million accounts by exploiting three different bugs in Facebook’s code, which let them steal digital keys, technically called “access tokens.” The company says it has fixed a bug.
Users do not need to change their Facebook password, although security experts say there is no harm in doing so.
However, Facebook does not know who was behind the attacks or where they were located. In a call with reporters on Friday, CEO Mark Zuckerberg, whose own account was compromised, said that the attackers would have had the ability to see private messages or post on someone’s account, but there is no indication that they did.
Zuckerberg said, “We do not yet know that any account was actually misused.”
The hack is the latest shock for Facebook during a tough year of security problems and privacy issues. So far, however, none of these issues has shaken the confidence of the company’s 2 billion global users to any great extent.
This latest hack involved bugs in Facebook’s “View As” feature, which lets people see how their profiles look to others. The attackers used the vulnerability to steal access tokens from the accounts of people whose profiles came up in searches using the “View As” feature. The attack then moved from one user’s Facebook friend to another. Possession of those tokens would allow the attackers to control those accounts.
Guy Rosen, Facebook’s vice president of product management, said that one of the bugs was a year old and affected how the “birthday” feature interacts with Facebook’s video uploading feature to post “Happy Birthday” messages. But it was not until mid-September that Facebook saw a spike in unusual activity, and not until this week that it learned of the attack, Rosen said.
“We are not yet able to determine whether specific accounts had specific targeting or not,” Rosen said in a call with reporters. “It appears to be comprehensive and we do not yet know who was behind these attacks and where they can be based.”
Rosen said that neither passwords nor credit card data were stolen. He said that the company has alerted the FBI and regulators in the United States and Europe.
Jake Williams, a security expert at Rendition Infosec, said that he was concerned that the hack could affect third-party applications.
Williams noted that the company’s “Facebook login” feature allows users to log in to other apps and websites with their Facebook credentials. He said, “These access tokens that were stolen when a user is logged in to Facebook and it can be enough to reach a user’s account on a third party site.”
Facebook confirmed on Friday that third-party applications, including its own Instagram app, could have been affected.
Rosen said, “The vulnerability was on Facebook, but these access tokens made someone capable of using the account as if they were account holders.”
News broke earlier this year that Cambridge Analytica, a data analytics firm employed by the Trump campaign, improperly accessed personal data from millions of user profiles. Then a congressional investigation found that agents of Russia and other countries had been posting fake political advertisements since at least 2016. In April, Zuckerberg appeared at a congressional hearing on Facebook’s privacy practices.
The Facebook bug is reminiscent of a major attack on Yahoo in which the attackers compromised 3 billion accounts, half of the world’s population. In Yahoo’s case, the information stolen included names, email addresses, phone numbers, birthdays, and security questions and answers. It was one of a series of Yahoo hacks over many years.
Later, American prosecutors blamed Russian agents for using information taken from Yahoo to spy on Russian journalists, US and Russian government officials and employees of financial services and other private businesses.
Thomas Rid, a professor at Johns Hopkins University, said that in the case of Facebook, it may be too early to know how rampant the attackers were and whether they were associated with a nation state. Rid said it could be a spammer or a criminal.
Rid said, “We have not seen anything here that is so sophisticated that it requires a state actor.” “Fifty Million R