Fifty mil­lion ac­counts left com­pletely open

Maximum PC - - QUICKSTART -

THERE HAS BEEN an­other huge se­cu­rity breach at Face­book, the worst in its his­tory. Engi­neers no­ticed un­usual ac­tiv­ity on Septem­ber 16, worked out what was go­ing on nine days later, and two days af­ter that closed down the breach. Up to 50 mil­lion ac­counts are said to have been com­pro­mised; it is un­sure for how long.

The hack­ers ex­ploited an in­ter­ac­tion be­tween three soft­ware bugs, and the flaw dates back to July 2017, with the in­tro­duc­tion of the “View As” fea­ture— iron­i­cally, par­tially a pri­vacy tool. Us­ing it cre­ates keys, called ac­cess to­kens, which en­able peo­ple to re­con­nect to their ac­counts with­out us­ing pass­words. It was th­ese to­kens that were spir­ited away.

Armed with a to­ken, a hacker could pose as the ac­count holder, and the ac­count be laid open. The po­ten­tial for mis­chief is alarm­ing, al­though there have been no re­ports of tam­per­ing with posts, but there are signs of pro­file data be­ing accessed.

The at­tack was so­phis­ti­cated, and no group has been linked to it, lead­ing to spec­u­la­tion about the source, in­clud­ing the pos­si­bil­ity of in­volve­ment by state­spon­sored groups. Face­book is work­ing with the FBI to track the cul­prits, but re­sults aren’t ex­pected quickly, if at all.

“We have a re­spon­si­bil­ity to pro­tect your data, and if we can’t, then we don’t de­serve to serve you,” so said Mark Zucker­berg af­ter the data har­vest­ing by Cam­bridge An­a­lyt­ica ear­lier this year. On this hack he was “glad we found this, but it def­i­nitely is an is­sue that this hap­pened in the first place.” The lack of tan­gi­ble dam­age has helped min­i­mize the pub­lic re­la­tions storm; stock prices dipped, but noth­ing like the 18 per­cent drop in the sum­mer.

Be­fore Congress, Zucker­berg said, “We have to do a lot of work about build­ing trust back.” It ap­pears this is still the case. With great data comes great re­spon­si­bil­ity.

Newspapers in English

Newspapers from Australia

© PressReader. All rights reserved.