Last week Facebook announced that hackers made off with the personal details of over 50 million users. Does it affect you? Is it risky? Let us look at the details below:
- Facebook provides a “View” option, a feature that lets users see how their profile appears to other people.
- In 2017, Facebook added new video upload functions to this View feature.
- These came with three distinct bugs, which the hackers exploited to get access to the data of over 50 million users, a number that even stretches to over 90 million users.
- The hacked data related to private messages, posts and pictures.
- Third-party applications like Tinder and Swiggy could have been affected where users logged in through Facebook.
Action from Facebook:
In response, Facebook has already logged out those users whose accounts are suspected to have been hacked; these users will have to log in afresh. Facebook has also informed the law enforcement agencies in the US about the hack and is investigating it.
Hack of Access Token:
- Passwords have not been compromised.
- Access tokens permit people to log into another app using Facebook; a token is generated for a particular person and app. To give an example, if a person has a Gmail account, they just type the username and password and click enter. An access token is then generated: a digital key, created for every new login, that permits the user to log in to the Gmail account.
- In the case of Facebook users, hackers were able to directly get the user’s access token, which made them know the user name and password of the user. It did not matter even where two-way security was provided by way of an OTP sent to the user’s mobile number to log in to Facebook. This sort of hacking logs directly into Facebook, hassle-free.
- Facebook has not shared details of the data that the hackers took. Using the tokens, hackers were able to access posts and private messages, or to post anything they wanted through the accounts.
- Hackers have also made efforts to get at profile information like name, gender, location and photos from the compromised accounts.
- Facebook also confirms that hackers would have got hold of any third-party account that the user might have logged into via Facebook. For example, if you had logged into a third-party app like Tinder, the hacker could have gained access even to the Tinder profile. As of now it is not clear whether the hackers could access such data or not.
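The token behaviour described above, as an added example that is not from the original article and is not Facebook's code: a toy token service showing that a token is tied to one person and one app, that whoever holds it is accepted without a password or OTP, and that a forced logout invalidates it. The class, function names and sample values ("alice", "dating-app") are constructed for illustration.

```python
import secrets
import time


class TokenService:
    """Toy token issuer; hypothetical, not Facebook's implementation."""
    def __init__(self):
        self._tokens = {}  # token -> record (a real service would store a hash)

    def issue(self, user_id, app_id, ttl=3600):
        """Mint a token; call only after password and OTP checks have passed."""
        token = secrets.token_urlsafe(32)
        self._tokens[token] = {"user": user_id, "app": app_id,
                               "expires": time.time() + ttl, "revoked": False}
        return token

    def validate(self, token, app_id):
        """Return the user the token stands for, or None if it is not usable."""
        rec = self._tokens.get(token)
        if rec is None or rec["revoked"] or rec["expires"] < time.time():
            return None
        if rec["app"] != app_id:  # token was generated for a different app
            return None
        return rec["user"]

    def revoke_user(self, user_id):
        """Forced logout: invalidate every token of one user, in every app."""
        hit = [r for r in self._tokens.values()
               if r["user"] == user_id and not r["revoked"]]
        for rec in hit:
            rec["revoked"] = True
        return len(hit)


def demo():
    svc = TokenService()
    fb = svc.issue("alice", "facebook")  # constructed sample values
    other = svc.issue("alice", "dating-app")
    return {
        "holder": svc.validate(fb, "facebook"),  # accepted: no password or OTP asked
        "wrong_app": svc.validate(fb, "dating-app"),  # bound to one app
        "revoked": svc.revoke_user("alice"),  # what the forced logout does
        "after_logout": svc.validate(fb, "facebook"),
        "other_after": svc.validate(other, "dating-app"),
    }


if __name__ == "__main__":
    print(demo())
```

The password never appears after `issue`, which is why resetting tokens, not passwords, is the response that cuts off a stolen token.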
Guidance to Users:
- Log out of all websites and services that you normally log in to using Facebook login.
- Instead of logging in through Facebook, Twitter or Google, create a separate login and a different password to enter such sites.
- A password manager like LastPass may be used to store the different passwords created.