Last week it was made known to the public that Facebook’s security was breached. On September 16th, Facebook engineers discovered an attack on their systems that took over a week to fully control and stop. It is estimated that the attackers gained access to close to 50 million user accounts within that time. Facebook did clearly state that no credit card information was leaked during the attack.
The attack came as a result of a vulnerability within the “view as” feature of Facebook that lets user see their page as someone else would. By manipulating a bug in this feature, attackers were able to hijack user accounts for full access. They could post, view, and/or delete, anything they wanted from a personal account as if they were the account owner themselves. They also managed to hijack user tokens, which are a sort of digital key that authenticates a session.
At this point, we do not know much about the attackers or the results of the attack. It is unknown how many accounts were actually manipulated during the attack. The identity and motive of the attackers are also unknown.
In response, Facebook forcibly logged out 90 million user accounts- the 50 million potentially compromised accounts as well as 40 million other accounts as a precaution. If you were within the 90 million, you will have received a notification about the issue. They have also publicly announced that they are heavily investing in the integrity of their defense. Facebook plans to double their security force, increasing from 10,000 to 20,000 active security workers.
The EU has also responded in kind. The Irish Data Protection Commission has launched an investigation of Facebook over their security risk. This seems to be the first real test of the EU’s new General Data Protection Regulation. With these rules, the GDPR may fine Facebook up to $1.6 Billion.
While promises of increased security is good news for Facebook and their users, it is hard to forget Facebook’s problems with security and privacy in recent years. Pushing privacy concerns aside for the moment, Facebook has had THREE separate security breaches within the last year. The largest of these, known as the Cambridge Analytica data breach, put 87 million users at risk.
So how can we the users protect ourselves? Honestly, you may just want to be cautious about what sort of personal data you trust to these targeted tech giants. Following Facebook’s recent track record, we can probably expect more data breaches – either sooner or later. So upload what you don’t mind losing and maybe think twice about your more private data.
As always, stay safe out there.
Jake M.
On behalf of the team at PJ-Networks
