It's probably already come to your attention that Facebook has suffered a further data breach. Stories about the breach have been dominating news outlets over the past days since the news came to light. Here's everything you should know about it:
What happened?
For over six months, hackers had been able to log into Facebook accounts using the “View As” feature. This allowed them to see private account information, such as contact lists and photos from someone else’s profile, that they did not have permission or authorization to view. The company estimates that this breach affected 50 million users in total, but it has since fixed the issue, reducing that figure to 30 million of those initially compromised. There may be more who were still unaware that their data was accessed, because no notification of security breaches on Facebook was provided until now, after being notified by reporters at TechCrunch about a new bug discovered by Turkish developer Okan Kaya exploiting its “viewing your own timeline” vulnerability.
The hackers began by using a series of fake accounts to attack the accounts of their friends. Then they went on to attack the accounts of their friends’ friends, before managing to gain access tokens for an additional 30 million people!
What data was compromised?
Hackers were able to obtain the below data from the affected accounts:
Username, gender, location/language, relationship status, religion, hometown, current city, birthdate, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or Pages they follow, and the 15 most recent searches.
Massive data theft on a global scale is bad news for everyone. Thankfully, this particular attack didn’t hit us nearly as hard as it could have: only 14 million users had their information compromised, and not 15 or 1 billion!
Facebook has not yet found any information being sold on the dark web.
Attackers were able to gain access to Facebook’s system and did not steal credit card data, but Facebook has refused to release more details about what was taken from it when its policy prohibits doing so.
How to know if your information was included in the breach
If you want to know whether or not your information was included in the Facebook breach, Facebook has a notification service for that.
After Facebook was hacked, all accounts were automatically logged out when the attack was discovered. Users should have seen a message at the top of their feed about this issue once they had logged back in.
If you want to take extra security precautions, you can check your settings to see the places where your account is currently logged in, and log them out.
Who carried out the attack
It is still unclear who was the mastermind behind these attacks, but given that Facebook and the FBI are investigating it themselves, it’s no surprise they’re withholding this information for now.
The FBI is left with more questions than answers today as Facebook declines to offer any information on the matter. The company was contacted by federal authorities who asked for specifics, but it declined to share details about its users and their locations in this case.
Is the threat over?
Cybersecurity experts warn that attackers could still use stolen information for targeted phishing scams. Any business or individual who has had their account compromised needs to stay vigilant in the coming weeks, looking out for suspicious emails and text messages from unknown numbers.
It’s important to stay up to date with security and we have more information about how to protect yourself from ransomware here.
Next steps for cybersecurity
When it comes to cybersecurity, companies are often focusing on the wrong issues. As soon as something new pops up that garners media attention or causes concern from their board of directors, which is based largely on whatever topic brings the most criticism or worry at any given time, these companies forget about all other threats. For example, Facebook has been so laser-focused on fake news in recent months that it has completely forgotten about ransomware attacks like WannaCry last year, when the healthcare and logistics industries were hit hard with both phishing schemes and data breaches. These resulted in stolen information, including credit card numbers, being leaked for criminals to use elsewhere online, where less security protection had been put in place by those organizations beforehand.
If there is one thing we’ve learned from recent events, it’s that the game of cybersecurity has changed, and if companies want to stay ahead they need to do so proactively. Facebook was breached by a method unlike any other before, which only serves as an example of how quickly cybercriminals can pivot their strategy at will. Companies should be prepared not just now but also well into the future by adopting proactive measures, because who knows what kind of attack could come our way tomorrow?
Tech Engine Australia recommends Remote Monitoring and Management tools for proactive security support. You can find out more about how this can benefit your business’s security with Remote Monitoring and Management.