Facebook Hack: 50 million Facebook users’ access stolen using zero-day flaw
According to a blog post published on September 28th, 2018 by Facebook (FB), their engineering team discovered that 50 million accounts were affected by a security issue. In practice, a vulnerability in FB code allowed hackers to steal FB access tokens. The full article can be read here.
It is interesting to look at the details of the hack according to the FB VP of product management:
“For about 15 million Facebook users, attackers accessed two sets of information: usernames and contact information including phone numbers, email addresses and other contact information depending on what users had on their profiles.
For about 14 million Facebook users, attackers accessed an even wider part of their personal data, including the same two sets of information mentioned above, along with other details users had on their profiles, like gender, language, relationship status, religion, hometown, current city, birthdate, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or pages they follow, and the 15 most recent searches.
A remaining 1 million Facebook users did not have any personal data accessed by the attackers.”
This type of incident shows once more the need to build cyber-security measures in at software design time, and also to have the right tools to detect and prevent hack attempts as they happen. FB has recently been finding it harder to detect and contain potential breaches, as new features are rolled out fast and its business model changes and adapts rapidly, to the detriment of proper security measures and preventive actions.