It wasn’t too hard to hear about the Facebook HACK that occurred this past Friday. It was reported on every known media source (websites, news stations, posts, blogs, etc.) as it should have been.
This past Friday, Facebook announced that it had discovered evidence of a security breach affecting almost 50 million accounts. If you recall, data privacy was a topic in one of my prior posts.
As reported, the company’s investigation is in its early stages, so there are still many unknowns about the cyber-attack. Here’s a rundown of what’s know so far based on the details Facebook has released to the public.
Facebook’s security team began noticing an unusual spike in user access to the website. After investigating, they found that Hackers had exploited some vulnerabilities that existed within Facebook’s code (i.e. software).
The Hackers gained access to some security information (known as “access tokens”) that lets people use Facebook without having to enter their login credentials every time, from 50 million accounts.
With this information, the hackers are essentially able to log in and take over users’ accounts. Facebook claims there is no evidence thus far indicating that the hackers read private messages, posted anything to account pages, or stole credit card numbers. However, the Hackers did attempt to access personal information, which could have included details like name, gender, and hometown.
The Hackers are considered to be “highly” sophisticated. You think? Having our largest social-media platform breached seems to back this up.
The Hackers identity is unknown and it isn’t clear if they will ever know.
Facebook has patched the known security vulnerability. The company also reset the “access tokens” for the 50 million affected accounts, as well as for 40 million additional accounts as a precautionary measure.
What should you do if you’re a Facebook user:
Users have to delink and relink their Instagram and Oculus accounts to their Facebook accounts.
Facebook claims users do not need to change their passwords, but they may want to log out and back in to be safe.
My advice - change your password to be safe and do not use the same password you use to access any of your financial accounts.
Some additional fall out:
Clearly, there will be increased scrutiny from our federal government on Facebook’s security practices.
Facebook’s breach causes all sort of problems with stricter Privacy laws (ex. the European Union).
As further reported, if there’s any evidence which points to the fact they knew about this vulnerability and chose to ignore its potential risks, there will certainly be class-action suits in the making. In fact, an individual from California and one from Virginia already filed suits.
Well, as always, I hope this information proves useful and inspires you to continue to educate yourself on the importance of protecting the confidentiality of your private information.