Facebook has started to reveal more details regarding the hack they experienced in September 2018 which has put 30 million users’ data at risk.

One of the most popular websites on the planet, Facebook has managed to amass a mammoth user base which totals around 2.23 billion. As a result, Facebook is an organization which retains a near unparalleled amount of data on its servers. To say that it’s a target for hackers would be an understatement, it’s more like the holy grail for any hacker who’s ever picked up a keyboard. And now it’s been hacked.

Facebook may be a massive organization making billions of dollars in revenue every year, but this doesn’t mean they’re immune from security lapses. It’s a fact which highlights the importance of good cyber security for any organization operating in the digital sphere. Let’s take a look at what happened.

How Facebook Got Hacked

The techniques behind the Facebook hack are complex, but for a talented hacker the methods employed are relatively simple. Targeting in on three bugs in the Facebook code for the ‘View As’ section – which allows users to view their own profile as if they’re a different user – the hackers were able to obtain important ‘access tokens’. These access tokens are the pieces of code which ensure that users remain logged into Facebook without prompting for login information every time they try to access Facebook.

The hackers were able to build an initial pool of 400,000 accounts that they controlled with these access tokens. From here, the hackers began to harvest data from all these accounts and, when complete, used an automated process to hack into the accounts of friends listed on the initially compromised account. Moving from account to account in such a way ensured that the number of hacked accounts grew exponentially with the final figure totaling around 30 million hacked accounts. Sensitive and personal data, of course, is what hackers thrive on and within these 30 million accounts they found plenty.

15 million Facebook users found that the hackers were able to access their name and contact information, while another 14 million users had details compromised such as gender, current address, birth date and the last 10 places they checked in at. The remaining one million hacked accounts ‘merely’ had their access tokens compromised with no personal data being on offer to the hackers. Unfortunately, for Facebook users, it took nearly two weeks to bring the hack to a close. Unusual activity was first recorded on 14th September, but it wasn’t until 11 days later that Facebook was able to confirm an attack was taking place. Two days later the attack was shut down and new access tokens issued.

If Facebook Can Get Hacked

Facebook use their own code so, naturally, the exact hack that blighted their systems is unlikely to affect your organization. However, the vulnerability of software is a universal concern for any organization that faces the public digitally. As ever, the basics of good cyber security should be adhered to at all times such as:

  • Installing all updates at the point of issue
  • Regularly updating passwords to protect user accounts
  • Training your staff on the methods used to execute an attack

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


hacking-apple-idHackers are now turning to employees of organizations to help breach their defenses and this can be knowingly or unknowingly, but how are they doing it?

As this hacking technique doesn’t rely purely on digital attacks, it’s a unique problem in the world of cyber-security. Sure, the end result is the same in that the hackers want to access digital information, but this method of getting a head start makes their attacks more covert than ever.

To help you understand how these exploits can be initiated and unfold, I’m going to show you 4 ways that hackers are hacking your employees.

  1. USB Stick Hacks

USB sticks can cause huge issues for your PCs due to the amount of automated hacking software which can easily be loaded onto them; in some extreme cases, USB sticks can also be used to completely destroy a PC. More often than not, these attacks can be initiated by old fashioned human curiosity. A recent study showed that of 297 flash drives left in a college parking lot, over half of these drives ended up being plugged into a PC. Therefore, staff need to be made aware that unauthorized devices should never be plugged into their workstations.

  1. Website Information

Many organizations display details of their employees on their website in order to show the people behind the business. Whilst this is a great method for engaging customers and clients, it also allows hackers to begin building a portfolio of information on targeted individuals e.g. with access to photos and email addresses, it’s possible to not only target these email addresses, but actually track them down in real life. This opens up your employees to direct approaches and is a good reason why information about employees should be minimized on the public internet.

  1. Phishing

The oldest, and perhaps simplest, method of hacking employees is by phishing. Deceptively convincing, phishing attacks often take the form of genuine looking emails requesting personal information. The most common technique is for the hacker to fake a company email in order to obtain sensitive data e.g. emails are often dispatched which appear to originate from the organization’s IT department and request login details, but actually originate from outside the business. Employees need to receive regular training on how to spot phishing emails.

  1. Vishing and SmishingsmishingSTILL

A relatively new approach to hacking employees is via vishing (obtaining information via phone calls) and smishing (mining for data through SMS messaging). Vishing often takes the form of a phonecall from a potential customer, but it’s actually a hacker trying to learn information about the organization’s structure and security through careful questioning. Smishing tends to target employees with links that they’re encouraged to click and then forwards them to a phishing website to extract data. Again, good training is crucial to ensure your staff can recognize these threats.

These four methods of hacking your employees use a number of highly sophisticated methods that prey on human curiosity and misplaced trust. They’re also remarkably easy to execute, so the key is to remember that regular training to increase awareness is the best defense against such attacks.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More