Saturday July 20, 2019

Experts Urging Users to Change their Facebook Passwords and Turn on Two-Factor Authentication

Facebook in a blog post on Thursday said that it had fixed the issue and will be notifying everyone whose passwords it found stored this way


After a report revealed that around 200-600 million Facebook users may have had their account passwords stored in plain text and searchable by over 20,000 Facebook employees, cybersecurity experts are urging users to change their passwords and turn on two-factor authentication (2FA).

So far the inquiry has uncovered archives with plain text user passwords dating back to 2012, according to the report published this week by KrebsOnSecurity, a blog run by journalist Brian Krebs.

Facebook in a blog post on Thursday said that it had fixed the issue and will be notifying everyone whose passwords it found stored this way.

“It’s perfectly possible that no passwords at all fell into the hands of any crooks as a result of this. But if any passwords did get into the wrong hands then you can expect them to be abused,” said Paul Ducklin, Senior Technologist at global cybersecurity firm Sophos.


“Hashed passwords still need to be cracked before they can be used; plaintext passwords are the real deal without any further hacking or cracking needed,” Ducklin added.

Facebook said it had found no evidence to date that anyone internally abused or improperly accessed the passwords.

“While the details of the incident are still emerging, this is likely an accidental programming error that led to the logging of plain text credentials. That said, this should never have happened and Facebook needs to ensure that no user credentials or data were compromised as a result of this error,” said John Shier, Senior Security Advisor at Sophos.

“This is also another reminder for people who are still reusing passwords or using weak passwords to change their Facebook password to something strong and unique and to turn on two-factor authentication (2FA),” Shier said. Turning on 2FA would mean that a password alone is not enough for crooks to raid your account, Ducklin added.


Facebook also asked people to change their passwords “out of an abundance of caution”.

Earlier this month, Facebook came under scrutiny for using phone numbers provided for security reasons — like two-factor authentication (2FA) — for things like advertising and making users searchable by their phone numbers across its different platforms.


“Another security measure users can implement to strengthen their digital security postures is to use different passwords for different online accounts. Don’t use your Facebook password for any other login, particularly for personal/professional email accounts or online banking,” said Sanjay Katkar, Joint Managing Director and Chief Technology Officer, Quick Heal Technologies Limited.

“It is also a good practice to log out whenever not using Facebook, even on mobile devices,” Katkar added. (IANS)


Google, Facebook Secretly Tracking Your Porn-viewing Habits

“While the findings of this study are far from encouraging, we do believe regulatory intervention may have positive outcomes,” said the researchers


If you think watching pornographic material in the “incognito” mode will not let anyone know, you are mistaken. Google, Facebook and even Oracle cloud are secretly tracking the porn you watch even when you switch on the “incognito” mode on your laptop or smartphone.

A new joint study from Microsoft, Carnegie Mellon University and the University of Pennsylvania that investigated 22,484 sex websites using a tool called “webXray” revealed that 93 per cent of pages track and leak users’ data to third-party organisations.

“Tracking on these sites is highly concentrated by a handful of major companies,” said the researchers who identified 230 different companies and services tracking users in their sample.

Of non-pornography-specific services, Google tracks 74 per cent of sites, Oracle 24 per cent and Facebook 10 per cent.

Porn-specific trackers in the top 10 are exoClick (40 per cent), JuicyAds (11 per cent), and EroAdvertising (9 per cent).

“The majority of non-pornography companies in the top 10 are based in the US, while the majority of pornography-specific companies are based in Europe,” said the study.

The researchers – Elena Maris, Microsoft Research; Timothy Libert, Carnegie Mellon University; and Jennifer Henrichsen, University of Pennsylvania – said they successfully extracted privacy policies for 3,856 sites, 17 per cent of the total.

“The policies were written such that one might need a two-year college education to understand them. The content analysis indicated 44.97 per cent of them expose or suggest a specific gender/sexual identity or interest likely to be linked to the user,” said the study to be published in the journal New Media & Society.

The team created a hypothetical profile named “Jack” who decides to view porn on his laptop.


Jack enables “incognito” mode in his browser, assuming his actions are now private. He pulls up a site and scrolls past a small link to a privacy policy. Assuming a site with a privacy policy will protect his personal information, Jack clicks on a video.

“What Jack does not know is that incognito mode only ensures his browsing history is not stored on his computer. The sites he visits, as well as any third-party trackers, may observe and record his online actions,” the researchers noted.

These third parties may even infer Jack’s sexual interests from the URLs of the sites he accesses. They might also use what they have decided about these interests for marketing or building a consumer profile. They may even sell the data.

Jack has no idea these third-party data transfers are occurring as he browses videos.

“His assumption that porn websites will protect his information, along with the reassurance of the ‘incognito’ mode icon on his screen, provide Jack a fundamentally misleading sense of privacy as he consumes porn online,” wrote the researchers.

The above hypothetical scenario occurs frequently in reality and is indicative of the widespread data leakage and tracking that can occur on porn sites, they added.


In 2017, Pornhub, one of the largest porn websites, received 28.5 billion visits, with users performing 50,000 searches per second on the site.

Statistics vary as to the amount of overall porn activity on the internet, but a 2017 report indicated porn sites get more visitors each month than Netflix, Amazon, and Twitter combined, and that “30 per cent of all the data transferred across the Internet is porn”, with site YouPorn using six times more bandwidth than Hulu.

“While the findings of this study are far from encouraging, we do believe regulatory intervention may have positive outcomes,” said the researchers. (IANS)