Tuesday January 28, 2020
Home Lead Story Experts Urgin...

Experts Urging Users to Change their Facebook Passwords and Turn on Two-Factor Authentication

Facebook in a blog post on Thursday said that it had fixed the issue and will be notifying everyone whose passwords it found stored this way

0
//
Facebook
Facebook in a blog post on Thursday said that it had fixed the issue and will be notifying everyone whose passwords it found stored this way. Pixabay

After a report revealed around 200-600 million Facebook users may have had their account passwords stored in plain text and searchable by over 20,000 Facebook employees, cybersecurity experts are urging users to change their passwords and turn on the two-factor authentication (2FA).

So far the inquiry has uncovered archives with plain text user passwords dating back to 2012, according to the report published this week by KrebsOnSecurity, a blog run by journalist Brian Krebs.

Facebook in a blog post on Thursday said that it had fixed the issue and will be notifying everyone whose passwords it found stored this way.

“It’s perfectly possible that no passwords at all fell into the hands of any crooks as a result of this. But if any passwords did get into the wrong hands then you can expect them to be abused,” said Paul Ducklin, Senior Technologist at global cybersecurity firm Sophos.

facebook
Facebook said it had found no evidence to date that anyone internally abused or improperly accessed the passwords. Pixabay

“Hashed passwords still need to be cracked before they can be used; plaintext passwords are the real deal without any further hacking or cracking needed,” Ducklin added.

Facebook said it had found no evidence to date that anyone internally abused or improperly accessed the passwords.

“While the details of the incident are still emerging, this is likely an accidental programming error that led to the logging of plain text credentials. That said, this should never have happened and Facebook needs to ensure that no user credentials or data were compromised as a result of this error,” said John Shier, Senior Security Advisor at Sophos.

“This is also another reminder for people who are still reusing passwords or using weak passwords to change their Facebook password to something strong and unique and to turn on two-factor authentication (2FA),” Shier said. Turning on 2FA would mean that a password alone is not enough for crooks to raid your account, Ducklin added.

facebook
Turning on 2FA would mean that a password alone is not enough for crooks to raid your account, Ducklin added. Pixabay

Facebook also asked people to change their passwords “out of an abundance of caution”.

Earlier this month, Facebook came under scrutiny for using phone numbers provided for security reasons — like two-factor authentication (2FA) — for things like advertising and making users searchable by their phone numbers across its different platforms.

ALSO READ: New Zealand PM Jacinda Ardern Receives Death Threats on Social Media

“Another security measure users can implement to strengthen their digital security postures is to use different passwords for different online accounts. Don’t use your Facebook password for any other login, particularly for personal/professional email accounts or online banking,” said Sanjay Katkar, Joint Managing Director and Chief Technology Officer, Quick Heal Technologies Limited.

“It is also a good practice to log out whenever not using Facebook, even on mobile devices,” Katkar added. (IANS)

Next Story

Social Networking Giant Facebook Blames Apple iOS for Bezos’ Phone Hacking

WhatsApp provides end-to-end encryption by default, which means only the sender and recipient can view the messages

0
Social Media, Facebook, Authenticity, Posts
The social media application, Facebook is displayed on Apple's App Store, July 30, 2019. VOA

Facebook has blamed Apple’s operating system for the hacking of Amazon Founder and CEO Jeff Bezos’ phone, saying WhatsApp’s end-to-end encryption is unhackable.

Investigators believe that Bezos’s iPhone was compromised after he received a 4.4MB video file containing malware via WhatsApp – in the same way when phones of 1,400 select journalists and human rights activists were broken into by Pegasus software from Israel-based NSO Group last year.

In an interview to the BBC last week, Facebook’s Vice President of Global Affairs and Communications, Nick Clegg, said it wasn’t WhatsApp’s fault because end-to-end encryption is unhackable and blamed Apple’s operating system for Bezos’ episode.

“It sounds like something on the, you know, what they call the operate, operated on the phone itself. It can’t have been anything on the, when the message was sent, in transit, because that’s end-to-end encrypted on WhatsApp,” Clegg told the show host.

Clegg compared the hack to opening a malicious email, saying that “it only comes to life when you open it”.

According to a report from FTI Consulting, a firm that has investigated Bezos’ phone, after that the video file was received, Bezos’ phone started sending unusually large amounts of outbound data, including his intimate messages with his girlfriend Lauren Sanchez.

Jeff Bezos
Jeff Bezos, Amazon founder and owner of Blue Origin. (Wikimedia commons)

According to Clegg, “something” must have affected the phone’s operating system.

“As sure as you can be that the technology of end-to-end encryption cannot, other than unless you have handset, or you have the message at either end, cannot be hacked into,” he was quoted as saying.

Apple was yet to comment on Facebook’s statement.

The NSO Group has denied it was part of Bezos’ hacking.

Also Read: Here Are Some Life Lessons That We Can Learn From Freedom Fighters this Republic Day

WhatsApp provides end-to-end encryption by default, which means only the sender and recipient can view the messages. But the piece of NSO Group software exploited WhatsApp’s video calling system by installing the spyware via missed calls to snoop on the selected users.

According to leading tech policy and media consultant Prasanto K. Roy, end-to-end encrypted apps (E2EE) do provide security, and messages or calls cannot be intercepted and decrypted en route without enormous computing resources.

“But once anyone can get to your handset, whether a human or a piece of software, the encryption doesn’t matter anymore. Because on your handset, it’s all decrypted,” Roy told IANS recently. (IANS)