Friday March 22, 2019

Private Messages of 120 mn Facebook Users Hacked: Report

According to Digital Trends, the latest hack involves the use of browser extensions

Hackers have gained access to the private messages of nearly 120 million Facebook accounts and have already published messages from 81,000 of those accounts in order to make money, the BBC reported.

Several users whose details have been compromised were based in Ukraine and Russia, but some were also from the UK, US, Brazil and elsewhere, the report said on Friday.

“The hackers offered to sell access for 10 cents per account. However, their advert has since been taken offline,” it added.

The breach was first discovered in September and the messages were reportedly obtained through unnamed rogue browser extensions.

Facebook, however, said its systems were not breached as part of the hack.

“We have contacted browser-makers to ensure that known malicious extensions are no longer available to download in their stores,” Guy Rosen, Vice President of Product Management at Facebook, was quoted as saying.

“We have also contacted law enforcement and have worked with local authorities to remove the website that displayed information from Facebook accounts.”

The BBC Russian Service contacted five Russian Facebook users whose private messages had been uploaded and confirmed the posts were theirs.

“One example included photographs of a recent holiday, another was a chat about a recent Depeche Mode (British rock band) concert and a third included complaints about a son-in-law,” the report said.

In the biggest-ever security breach after the Cambridge Analytica scandal, Facebook in October admitted that hackers broke into nearly 50 million users’ accounts by stealing their “access tokens” or digital keys.

Rosen had said that Facebook fixed the vulnerability and reset the access tokens for a total of 90 million accounts — 50 million that had access tokens stolen and 40 million that were subject to a “View As” look-up in 2017.

Ireland’s Data Protection Commission (DPC), which is Facebook’s lead privacy regulator in Europe, has opened a formal investigation into this data breach that could result in a fine of $1.63 billion.

According to Digital Trends, the latest hack involves the use of browser extensions.

“It is always best to check which source an extension is coming from, and which permissions it is being granted access to,” it said.

Experts Urging Users to Change their Facebook Passwords and Turn on Two-Factor Authentication

Facebook in a blog post on Thursday said that it had fixed the issue and will be notifying everyone whose passwords it found stored this way

After a report revealed that around 200-600 million Facebook users may have had their account passwords stored in plain text and searchable by over 20,000 Facebook employees, cybersecurity experts are urging users to change their passwords and turn on two-factor authentication (2FA).

So far the inquiry has uncovered archives with plain text user passwords dating back to 2012, according to the report published this week by KrebsOnSecurity, a blog run by journalist Brian Krebs.

Facebook in a blog post on Thursday said that it had fixed the issue and will be notifying everyone whose passwords it found stored this way.

“It’s perfectly possible that no passwords at all fell into the hands of any crooks as a result of this. But if any passwords did get into the wrong hands then you can expect them to be abused,” said Paul Ducklin, Senior Technologist at global cybersecurity firm Sophos.

“Hashed passwords still need to be cracked before they can be used; plaintext passwords are the real deal without any further hacking or cracking needed,” Ducklin added.

Facebook said it had found no evidence to date that anyone internally abused or improperly accessed the passwords.

“While the details of the incident are still emerging, this is likely an accidental programming error that led to the logging of plain text credentials. That said, this should never have happened and Facebook needs to ensure that no user credentials or data were compromised as a result of this error,” said John Shier, Senior Security Advisor at Sophos.

“This is also another reminder for people who are still reusing passwords or using weak passwords to change their Facebook password to something strong and unique and to turn on two-factor authentication (2FA),” Shier said. Turning on 2FA would mean that a password alone is not enough for crooks to raid your account, Ducklin added.

Facebook also asked people to change their passwords “out of an abundance of caution”.

Earlier this month, Facebook came under scrutiny for using phone numbers provided for security reasons — like two-factor authentication (2FA) — for things like advertising and making users searchable by their phone numbers across its different platforms.

“Another security measure users can implement to strengthen their digital security postures is to use different passwords for different online accounts. Don’t use your Facebook password for any other login, particularly for personal/professional email accounts or online banking,” said Sanjay Katkar, Joint Managing Director and Chief Technology Officer, Quick Heal Technologies Limited.

“It is also a good practice to log out whenever not using Facebook, even on mobile devices,” Katkar added. (IANS)