Facebook is the world’s largest, most influential social media network. It boasts world-class, cutting-edge security protocols, which are considered the world’s best.
Despite this, a major security lapse has occurred, and it has directly compromised 5 crore, or 50 million, Facebook users.
In Facebook’s 14-year history, this is the biggest security compromise the company has witnessed, and the technological world is stunned.
Guy Rosen, Facebook’s Vice President of Product Management, and Nathaniel Gleicher, Facebook’s Head of Cybersecurity Policy, held a press conference in which they explained precisely what happened in this security breach.
Here are 7 interesting facts about this massive user-security breach, which every social media user should be aware of:
When Did The Breach Happen?
By Facebook’s own admission, this breach happened on Friday, in a phased manner, all over the world.
Were You Affected?
Around 50 million Facebook users experienced the breach: the user was automatically logged out and then prompted to log in again. If you experienced this, then yes, you were affected.
What Should You Do?
Nothing much, besides logging back into Facebook across all devices. In fact, Facebook recommended that all users log out and then log in again using the same password.
Interestingly, Facebook hasn’t recommended changing the passwords, but some security observers said that changing passwords can be a good option.
Facebook refreshed the login activities of 90 million users as a precautionary measure.
Who Did This Hack?
Even three days after the hack, no one knows who initiated it or whether any global syndicate was behind it.
Facebook’s investigation is still ongoing.
What Exactly Happened In This Security Breach?
As per Facebook’s own version, there were three bugs which were exploited by the hackers and allowed them to break into Facebook’s internal systems, and carry out this data breach.
The first involved the User Access Tokens of the affected users. Facebook provides a “View As” profile option, wherein users can view their own profile as a random visitor would see it.
This is done via User Access Tokens, and these were ‘stolen’ by the hackers to gain access to users’ accounts. Once these tokens were allegedly stolen, the hackers were able to access any user’s profile, and almost every form of data stored there, both public and private.
The second bug was present in the new Video Uploader option which Facebook introduced last year. This feature too generated User Access Tokens, which were allegedly stolen by the hackers to gain access to users’ accounts.
The third was the “View As” option for this new Video Uploader feature, which generated User Access Tokens that were stolen by the hackers.
Mark Zuckerberg, during a call with the press, said, “The vulnerability allowed the attackers to steal Facebook access tokens—the equivalent of a digital key—which they could have used to take over or access people’s accounts.”
It is not yet clear how many of the 50 million compromised accounts were actually hacked using which type of bug.
What About Facebook-Linked Social Media Accounts?
As the news of Facebook’s massive data breach spread like wildfire, tech observers raised a crucial question: what about the accounts on other services that are linked with Facebook?
WhatsApp and Instagram are internally linked anyway, as they are owned by Facebook, but there are other apps as well, such as Swiggy, Zomato, BigBasket, Hotstar, Tinder, Nykaa, SonyLIV, RentoMojo, FreshMenu, Chai Point, Quora, Snapchat, HealthifyMe, and Dominos (for Indian users).
In fact, at this very moment, even Facebook doesn’t know whether the hackers who stole these User Access Tokens were able to gain access to linked accounts or not.
Rumors state that even Mark Zuckerberg’s account was hacked, and a group of users has even sued Facebook over this data breach.
We will keep you updated, as we receive more inputs.
Again, a reminder: Privacy in 2018 and beyond is just a myth. And do change your Facebook password. Right away!