50M Facebook accounts hacked

Here’s what you need to know about the latest social-media security breach

USA TODAY Weekend Extra - MONEY - Edward C. Baig; Contributing: Jessica Guynn

Facebook hasn’t revealed a ton about the data breach in which hackers exploited code that could let them take over about 50 million user accounts. CEO Mark Zuckerberg explained that the company’s investigation is still in its early stages. But this latest rupture is another bruise for a company that has already been hammered by a series of privacy and security violations, leading to Zuckerberg being grilled before Congress back in April.

Facebook says hackers exploited a vulnerability in the “View As” feature, which lets you see what your profile looks like to other people. Attackers were able to steal Facebook “access tokens,” the digital keys that keep you logged into Facebook so that you don’t need to re-enter your password every time you use the app.

The vulnerability apparently stemmed from a change made in July 2017 in the way video was uploaded on the site, which the social network says affected “View As.” Having obtained such access tokens, the bad guys were able to steal more tokens.

Here’s what else we know about this latest attack and what you should do about it:

Question: Should I not use the “View As” feature?

Answer: Actually, for now, you won’t be able to use it. While it investigates what happened, Facebook has temporarily turned off the feature.

Q: Is my own account safe?

A: The short answer is you can’t know for sure, but Facebook has taken precautionary steps. On Friday, it forced some 90 million people to log out of their accounts – the 50 million it knows were affected, plus 40 million other accounts that took advantage of the “View As” feature in the past year.

Q: Can I trust Facebook?

A: That’s a question many among Facebook’s 2.2 billion monthly active users are undoubtedly asking. After all, this latest breach follows Facebook’s disclosure earlier in the year of an estimated 87 million people who had their profiles scraped and improperly shared with Cambridge Analytica, a political ad-targeting firm. During his testimony before Congress, Zuckerberg acknowledged that Facebook can amass data to construct what are being referred to as “shadow profiles” of you, even if you never opted in or joined Facebook.

That’s going to wig some users out for sure.

Facebook did go to great pains in an April blog post to explain how and why it tracks people who don’t use Facebook.

Q: What steps should I take right away?

A: Facebook claims you won’t need to change your password because of what has happened, but it’s always better to be safe than sorry.

Gary Davis, chief consumer security evangelist at McAfee, certainly recommends changing your password – and not only at Facebook but at Instagram, Twitter and other social media accounts as well.

You hear this all the time, but don’t use the same passwords at each place, either, something all too many folks do. McAfee research reveals a third of people rely on the same three passwords for every account they’re signed up for.

Follow other long-standing cybersecurity best practices. For Tyler Moffitt, senior threat research analyst at threat intelligence provider Webroot, such practices include “disconnecting any unnecessary apps or games in social media platforms, making sure two-factor authentication is enabled, and never giving out personal or financial information in your profile or private messenger conversations.”

Visit Facebook’s Help Center – click the circled question mark near the top of the screen to get there – to change your password, implement two-factor authentication (Facebook will ask for a security code if it notices a log-in from an unusual device) or take other steps. Meanwhile, in the Security and Login settings, you’ll see a list of all the places you’ve logged in with your Facebook account; Facebook lets you log out of all those places at once with a single click.


Facebook CEO Mark Zuckerberg says attackers who gained access to 50 million accounts would have had the ability to view private messages or post on someone’s account, but there’s no sign that they did.