Facebook has started to reveal more details regarding the hack they experienced in September 2018 which has put 30 million users’ data at risk.

One of the most popular websites on the planet, Facebook has managed to amass a mammoth user base which totals around 2.23 billion. As a result, Facebook is an organization which retains a near unparalleled amount of data on its servers. To say that it’s a target for hackers would be an understatement; it’s more like the holy grail for any hacker who’s ever picked up a keyboard. And now it’s been hacked.

Facebook may be a massive organization making billions of dollars in revenue every year, but this doesn’t mean they’re immune from security lapses. It’s a fact which highlights the importance of good cyber security for any organization operating in the digital sphere. Let’s take a look at what happened.

How Facebook Got Hacked

The techniques behind the Facebook hack are complex, but for a talented hacker the methods employed are relatively simple. By targeting three bugs in the Facebook code for the ‘View As’ feature, which allows users to view their own profile as if they’re a different user, the hackers were able to obtain important ‘access tokens’. These access tokens are the pieces of code which ensure that users remain logged into Facebook without being prompted for login information every time they try to access Facebook.

The hackers were able to build an initial pool of 400,000 accounts that they controlled with these access tokens. From here, the hackers began to harvest data from all these accounts and, when complete, used an automated process to hack into the accounts of friends listed on the initially compromised account. Moving from account to account in such a way ensured that the number of hacked accounts grew exponentially with the final figure totaling around 30 million hacked accounts. Sensitive and personal data, of course, is what hackers thrive on and within these 30 million accounts they found plenty.

15 million Facebook users found that the hackers were able to access their name and contact information, while another 14 million users had details compromised such as gender, current address, birth date and the last 10 places they checked in at. The remaining one million hacked accounts ‘merely’ had their access tokens compromised with no personal data being on offer to the hackers. Unfortunately, for Facebook users, it took nearly two weeks to bring the hack to a close. Unusual activity was first recorded on 14th September, but it wasn’t until 11 days later that Facebook was able to confirm an attack was taking place. Two days later the attack was shut down and new access tokens issued.

If Facebook Can Get Hacked

Facebook uses its own code so, naturally, the exact hack that blighted its systems is unlikely to affect your organization. However, the vulnerability of software is a universal concern for any organization that faces the public digitally. As ever, the basics of good cyber security should be adhered to at all times, such as:

  • Installing all updates at the point of issue
  • Regularly updating passwords to protect user accounts
  • Training your staff on the methods used to execute an attack

For more ways to secure and optimize your business technology, contact your local IT professionals.


Facebook has 2 billion users, so it’s more than likely that the majority of your employees use it. However, did you know that Facebook can spread malware?

Malicious links – which appear to be for video files – are now being sent to users by their friends, but these links are highly deceptive. The main aim seems to be to collect login credentials and it doesn’t appear to download any malicious software such as ransomware. So, it may not be the most dangerous piece of malware, but it’s certainly a nuisance and indicates that a major malware attack could easily spread through millions, if not billions of systems.

Social media is an important sector of the business world now, so we’re going to take a look at exactly what’s happened in Facebook messenger and the best practices to avoid falling victim.

Click This Link…

The malicious messages arrive in users’ inboxes, start with the user’s first name and simply say ‘video’, followed by a link which uses either a bit.ly or t.cn address. The link then takes the user to a Google Docs document which mimics a landing page and appears to house a playable video.
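A chat or mail gateway filter can key on the message shape described above: the recipient's first name, the word 'video' and a bit.ly or t.cn link. The Python below is an added example, not code from the original article; the function names, trait labels, six-word threshold and sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Shortener hosts named in the article; extend from your own telemetry.
SHORTENER_HOSTS = {"bit.ly", "t.cn"}
URL_RE = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/[^\s<>\"']*)?", re.I)

def link_hosts(text):
    """Return the lower-cased host (without 'www.') of each URL-like token."""
    hosts = []
    for match in URL_RE.finditer(text):
        token = match.group(0)
        if "://" not in token:
            token = "http://" + token  # urlsplit only finds a host after a scheme
        host = urlsplit(token).hostname or ""
        hosts.append(host[4:] if host.startswith("www.") else host)
    return hosts

def lure_traits(text, recipient_first_name):
    """List which traits of the described lure a message shows."""
    body = URL_RE.sub(" ", text)  # judge the wording separately from the links
    words = re.findall(r"[^\W\d_]+", body.lower())
    traits = []
    if any(host in SHORTENER_HOSTS for host in link_hosts(text)):
        traits.append("shortened-link")
    if "video" in words:
        traits.append("video-keyword")
    if words and words[0] == recipient_first_name.lower():
        traits.append("opens-with-first-name")
    if len(words) <= 6:  # assumed threshold: the lure is a name, a word and a link
        traits.append("terse")
    return traits

def is_probable_lure(text, recipient_first_name):
    """Flag only messages with a shortened link plus two more traits."""
    traits = lure_traits(text, recipient_first_name)
    return "shortened-link" in traits and len(traits) >= 3

# Constructed sample messages as (recipient first name, text); not real traffic.
SAMPLES = [
    ("Dana", "Dana video http://bit.ly/EXAMPLE1"),
    ("Dana", "dana Video t.cn/EXAMPLE2"),
    ("Dana", "Here is the video from the offsite, slides are at https://intranet.example/offsite"),
    ("Dana", "Agenda for Monday: bit.ly/EXAMPLE3 please add your items before the meeting starts"),
]

if __name__ == "__main__":
    for name, text in SAMPLES:
        print(is_probable_lure(text, name), lure_traits(text, name), text)
```

Requiring the shortened link plus two further traits keeps an ordinary message that merely contains a bit.ly link, or merely mentions a video, from being flagged.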

What’s interesting about clicking the video in question is that the destination it takes the user to is dependent on their web browser. Chrome users are taken to a fake YouTube page which downloads a malicious Chrome extension and Firefox users are redirected to a page requesting a download of malware disguised as a Flash player install. The malware delivered to Firefox users appears to consist of adware, so this indicates a financial motive, but the Chrome extension’s objective isn’t entirely clear.

Although there doesn’t appear to be any major damage caused by this malware campaign, it’s still considered a massive threat as it’s believed the malicious links are being spread by hijacked accounts. And this ensures that more and more spam is spread across Facebook and more login credentials are harvested along the way.


Avoiding Facebook Malware

While email still packs a major punch in the world of malware, hacking messenger software is a natural progression given how popular it has become for communicating. And the Facebook Messenger malware demonstrates that there’s a possibility it could evolve into something much more dangerous. Therefore, it’s important that you take the following precautions to protect your organization’s networks:

  • Personal social media access should be restricted, if not entirely banned, as it’s considered a huge distraction to workers. And, with this latest malware campaign, it would appear that it will soon become a popular access point for hackers to exploit; in fact, this isn’t the first Facebook hack to make headlines.
  • Employees need to be educated about the danger of clicking random links even if they’re sent by close friends. It only takes one click of a link for a hacker to gain access to every PC on your network, so this danger needs to be emphasized to all employees as part of their IT induction.
  • The importance of good password security should regularly be communicated to your staff. Facebook, for example, contains a vast amount of personal information such as where users work and, coupled with stolen login credentials, this could give hackers a head start on infiltrating your organization’s network; this risk is magnified if passwords are not unique to each application.
