It’s not been a long time since Facebook’s previous security issues were in news and their protection policies were criticised revealing the information of huge number of accounts , now announced that more than 50 million user accounts got hacked and their network security seems to be in danger.
That’s probably be the biggest hack of Facebook ever !
Yesterday on Friday , the Silicon Valley tech firm revealed that it had detected a security breach in which an as-yet unknown attacker, or attackers, managed to gain access to tens of millions of users’ accounts by exploiting vulnerabilities in its software.
But it wasn’t until a second, follow-up conference call with reporters on Friday that Facebook acknowledged one of the most alarming parts of the incident: Not only did the hackers obtain the ability to access the Facebook accounts of the affected users, they also had access to any other service in which a person used their Facebook account to register – including apps like Tinder, Spotify, and Airbnb.
Facebook Is Not Alone
Security specialists claims that Instagram which is owned by Facebook is also at risk and that also have been affected by this.
The revelation drastically widens the potential impact of the hack, putting people’s private data elsewhere across the web at risk. It may force the numerous major companies and startups reliant on Facebook’s login service to audit their own systems for evidence of malicious activity as a result.
Tinder, Airbnb, and Spotify – perhaps three of the highest-profile tech companies to use Facebook’s login service – did not immediately respond to Business Insider’s request for comment.
WHAT ACTUALLY HAPPENED ?
Now the question is what actually happened and how the situation arises ?
Well it has been heard that the attackers found a way to trick Facebook into issuing them “access tokens” – basically, digital keys – that let them access other users’ accounts as if they were that user. After spotting some unusual activity earlier this month, Facebook realized what was going on on Tuesday evening and subsequently revoked these access tokens before disclosing the hack publicly on Friday – though not before 50 million people were affected.
These access keys also let the attackers theoretically access any other services that someone used Facebook’s login service to log in to, whether that’s dating app Tinder, or a niche smartphone game, and gain access to highly personal information.
But that is also not cleared whether this happened or something else was the reason – when asked, a Facebook executive said only that the company was early in its investigation – but the possibility may force the other companies to undertake their own investigations into the issue.
Still it’s not clear who is behind this hack ,how they did that, whether the attacks were targeted, and the reason behind it. Facebook has now patched the vulnerabilities and revoked the compromised access tokens, forcing affected users to log back in (though their passwords haven’t been compromised, the company says) and notifying them about the issue.
Actually the flaw or defect was discovered by Facebook on Tuesday, allowed attackers to take over Facebook users’ accounts, and the company’s stock dropped 3% on the news.
“Our investigation is still in its early stages. But it’s clear that attackers exploited a vulnerability in Facebook’s code that impacted ‘View As’, a feature that lets people see what their own profile looks like to someone else. This allowed them to steal Facebook access tokens which they could then use to take over people’s accounts,” Facebook’s VP of Product Management Guy Rosen wrote in a blog post announcing the news.
“Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app.”
Facebook says it’s not yet clear who is behind the attack.
HOW TO KNOW YOUR ACCOUNT HAS BEEN HACKED ?
There are several different ways hackers use a breached Facebook account. Automatic log-ins through Facebook allow hackers access to many different site accounts once they’ve taken over your Facebook. Spammers also hack Facebook accounts to gain access to your following. From your profile, a hacker can additionally gather a lot of personal information about you that can be used to steal your identity.
If you worry that your account has been hacked, there is a simple way to check. Go to the arrow in the upper right-hand corner of your Facebook page and click on it. In the menu, select Settings. A new menu will pop up. Choose Security and Login and then Where You’re Logged In.
Other signs you may have been hacked
Some other ways to tell if your account has been hacked are:
- Your name, birthday, email or password has been changed
- Someone sent out friend requests to people you don’t know
- Messages have been sent from your account, but you didn’t write them
- Posts are appearing on your timeline that you didn’t post
How to keep your Facebook account safe
After you secure your account, make it safer. Facebook is jam-packed with security features, you just need to activate them. Open Facebook in your browser and go to Settings > Security and Login > Setting Up Extra Security.
- Turn on login alerts so that you receive notifications when your account is logged into. This helps you catch a hacker early, before any major damage is done.
- Enable two-factor authentication, then choose an extra layer of security from the list.
- Choose your trusted contacts and add a few close friends or family members that can help you unlock your account if it ever becomes hacked.
SOURCE – businessinsider