BIGGEST FACEBOOK HACK YET
Fifty million accounts left completely open
THERE HAS BEEN another huge security breach at Facebook, the worst in its history. Engineers noticed unusual activity on September 16, worked out what was going on nine days later, and two days after that closed down the breach. Up to 50 million accounts are said to have been compromised; it is unclear for how long.
The hackers exploited an interaction between three software bugs, and the flaw dates back to July 2017, with the introduction of the “View As” feature, which is, ironically, partly a privacy tool. Using it creates keys, called access tokens, which enable people to reconnect to their accounts without using passwords. It was these tokens that were spirited away.
Armed with a token, a hacker could pose as the account holder and lay the account open. The potential for mischief is alarming. There have been no reports of tampering with posts, but there are signs of profile data being accessed.
The attack was sophisticated, and no group has been linked to it, leading to speculation about the source, including the possibility of involvement by state-sponsored groups. Facebook is working with the FBI to track the culprits, but results aren’t expected quickly, if at all.
“We have a responsibility to protect your data, and if we can’t, then we don’t deserve to serve you,” said Mark Zuckerberg after the data harvesting by Cambridge Analytica earlier this year. On this hack, he said he was “glad we found this, but it definitely is an issue that this happened in the first place.” The lack of tangible damage has helped minimize the public relations storm; stock prices dipped, but nothing like the 18 percent drop in the summer.
Before Congress, Zuckerberg said, “We have to do a lot of work about building trust back.” It appears this is still the case. With great data comes great responsibility.