Facebook staff had access to hundreds of millions of people’s passwords

This time, the company acknowledges that it mishandled sensitive passwords for hundreds of millions of its users, primarily those who use its Facebook Lite product. The disclosure casts doubt on the company’s abilities to protect its users’ information as it focuses more on privacy.

On Thursday, Facebook said it didn’t properly mask the passwords of hundreds of millions of its users and stored them as plain text in an internal database that could be accessed by its staff.

The company said it discovered the exposed passwords during a security review in January and launched an investigation. Facebook did not say how long it had been storing passwords in this way.

Read entire post Facebook staff had access to hundreds of millions of people’s passwords | Donie O’Sullivan and Kevin Collier | CNN Business


Facebook and Instagram back online after 14 hours outage – here’s what happened

Facebook, Instagram and WhatsApp are all back online and working as normal after a 14-hour outage left many users unable to post updates.

Facebook’s outage cost small advertisers thousands of dollars

Facebook and Instagram both started experiencing difficulty at around 4pm GMT on March 13, according to data from website Downdetector, which monitors online outages.

Error messages on both sites stated: “Oops… Something went wrong. We’re working on getting it fixed as soon as we can”.

Many users took to other social networks such as Twitter to vent their frustration at being unable to access the online services.

Read entire post Facebook and Instagram back online after 14 hours outage – here’s what happened | Sophie Curtis | Mirror

How to tackle today’s IT security risks

The attraction of cybercrime to criminal hackers is obvious: tangled webs of interactions, relatively low penalties, disjointed approaches on money laundering and potentially massive payouts.

The key is preparation and seeing vulnerabilities, and resilience, in terms of interactions with overall management systems, and that’s where Information Security Management Systems (ISMS) standard ISO/IEC 27001 comes in.

This is the flagship of the ISO/IEC 27000 family of standards, which was first published more than 20 years ago.


Developed by ISO/IEC JTC 1, the joint technical committee of ISO and the International Electrotechnical Commission (IEC) created to provide a point of formal standardization in information technology, it has been constantly updated and expanded to include more than 40 International Standards covering everything from the creation of a shared vocabulary (ISO/IEC 27000), risk management (ISO/IEC 27005), cloud security (ISO/IEC 27017 and ISO/IEC 27018) to the forensic techniques used to analyse digital evidence and investigate incidents (ISO/IEC 27042 and ISO/IEC 27043 respectively).

Read entire post How to tackle today’s IT security risks | Katie Bird | ISO.org

Facebook gave Spotify and Netflix access to users’ private messages

What to make of the New York Times’ latest story about Facebook’s broad data-sharing agreements?

The story, which draws on internal documents describing the company’s partnerships, reports on previously undisclosed aspects of business partnerships with companies including Apple, Amazon, Microsoft, Spotify, and Netflix. In some cases, companies had access to data years after it was supposed to have been cut off.

> See also:  6-Year-Old explains how messed up it is that her entire life has been put on Facebook

The story, which builds on reporting earlier this year from both the Times and the Wall Street Journal, describes a variety of data-sharing partnerships, some of which users were likely unaware of. They include:

  • Giving Apple access to users’ Facebook contacts and calendar entries, even if they had disabled data sharing, as part of a partnership that still exists. Apple told the Times it was unaware that it had special access, and that the data described would never leave the user’s device.
  • Giving Amazon the names and contact information of users, in a partnership that is currently being wound down. Amazon wouldn’t discuss how it used the data other than to say it had used it “appropriately.” On Twitter, Gizmodo’s Kashmir Hill speculated that Amazon may have used the data to fight review fraud.
  • Giving Bing, the Microsoft search engine, access to see names and other profile information of a user’s friends. Microsoft said it has since deleted the data. Facebook says that only user data set to “public” was accessible to Microsoft.
  • Giving Spotify, Netflix, and the Royal Bank of Canada the ability to read users’ private Facebook messages.

Here’s how the story is framed by reporters Gabriel J.X. Dance, Michael LaForgia, and Nicholas Confessore.

Read entire article Facebook gave Spotify and Netflix access to users’ private messages | Casey Newton | The Verge

6-Year-Old explains how messed up it is that her entire life has been put on Facebook

Although this is a satirical video, there is a lot to take away from this “testimony”. What are your thoughts? Leave your comments below!

See also Do you know what you agree to when you download an app on your smartphone?

Here we go again… 80,000 Facebook user accounts compromised

Those behind the attack told the BBC Russian Service that they had access to 120 million accounts, although this has been branded “unlikely” by Digital Shadows, whose researchers were called in to investigate.

In fact, the seller, “FBSaler,” provided a total dataset to reporters of around 257,000 profiles.

The largest number of profiles (30%) are Ukrainian, followed by Russia (9%), although users from the US, UK and Brazil are also said to be represented. Just 81,000 are certain to have been compromised, as private messages were included. The remaining 176,000 may have simply had profile information like names, addresses, contact numbers, and interests taken because accounts were left wide open by users.

The accounts are not thought to be linked to the Cambridge Analytica scandal, or the more recent breach of 30 million accounts which occurred after attackers obtained access tokens.

> Read entire article Over 80,000 Facebook user accounts compromised | Phil Muncaster | InfoSecurity

Irish Data Protection Commission confirms Facebook probe is underway

Ireland’s Data Protection Commission (DPC) has confirmed that it has launched an investigation into the massive data breach at Facebook that was disclosed last week.

At least 50m accounts were breached, with a further 40m potentially affected. The breach is the largest in Facebook’s 14-year history and the company is still trying to determine whether the attacker misused any accounts or stole private information.

The case could be one of the first major tests of the EU’s General Data Protection Regulation (GDPR) legislation which came into force in Europe in May. Under GDPR rules, companies could be hit with fines of up to €20m or 4pc of global turnover, whichever is higher. Not only that, but affected EU users are empowered under the rules to take litigation against companies if they have been affected.

> Read entire article Irish Data Protection Commission confirms Facebook probe is underway | John Kennedy | siliconrepublic

Facebook resets 90 million user passwords as flaw is discovered

Facebook has issued a password reset for around 90 million users, after a flaw was found in Facebook’s code that impacted “View As”, a feature that lets people see what their own profile looks like to someone else.

According to a statement by Guy Rosen, VP of product management at Facebook, the flaw was discovered on Tuesday 25th September, and affected almost 50 million accounts. He said that the flaw would have allowed an attacker to steal Facebook access tokens which they could then use to take over people’s accounts.

“Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app,” he said.

> Read entire article Facebook resets 90 million user passwords as flaw is discovered | Dan Raywood | InfoSecurity

Chrome Extension Malware Targets Facebook

According to the research of Adi Raff and Yuval Shapira, the malware infects users by abusing a Google Chrome extension, the Nigelify application. Hence the malware has been dubbed Nigelthorn.

The malware has been known since March 2018. Malicious actors have socially engineered links on Facebook so that when users click on the link, they are redirected to a fake YouTube page. Rather than watching the video they expect to see, they are asked to install the dubious extension.

The extension then executes malicious JavaScript code, turning the victim’s computer into part of a botnet. The Hacker News reported that the malware has infected more than 100,000 users with a malicious browser extension that performs credential theft, crypto-mining, click fraud and more.

Read entire article Chrome Extension Malware Targets Facebook | InfoSecurity | Kacy Zurkus

Facebook Users Undeterred by Privacy Scandal

In the aftermath of the Facebook scandal, there have been some cries of outrage, with several users claiming that they will be deleting their accounts. Reuters recently polled users to see just how much impact the scandal has had on the social media giant.

The results show that Facebook has suffered little consequence. The Cambridge Analytica privacy scandal erupted on 16 March, prompting the hashtag #deletefacebook. Yet the number of monthly users continued to grow as the first quarter came to a close, with a recorded 241 million users in the United States and Canada as of 31 March.

Reuters found that 22% of the users polled confessed that they use Facebook more. Only 16% reported that they use the site less, while 43% said that they have not changed their frequency of use. That begs the question: how frequently are users accessing the Facebook site?

Read entire article Facebook Users Undeterred by Privacy Scandal | InfoSecurity | Kacy Zurkus

Facebook keeps tabs on Android SMS and calls

Users find Facebook has been keeping records of their calls and text messages.

Published on InfoSecurity | By Phee Waterfield

One week after the Cambridge Analytica data breach went public, Facebook is continuing to lose trust with its users as many go to delete their accounts.

However, for many users, the surprises keep coming, as they were shocked to find out Facebook had been collecting call records and SMS messages.

According to Ars Technica, a user from New Zealand, Dylan McKay, was looking through data Facebook had collected, which he had downloaded from the social network site. While scanning through information the tech giant had about his contacts, McKay discovered that Facebook had about two years’ worth of phone call metadata from his Android phone, including names, phone numbers and the length of each call made or received.

Since this original flag, many users have also taken to Facebook with their own Facebook data archives.

Read entire article Facebook Keeps Tabs on Android SMS and calls | InfoSecurity

Mark Zuckerberg: “I’m really sorry that this happened”

Facebook founder Mark Zuckerberg tells CNN Senior Tech Correspondent Laurie Segall he’s sorry about the Cambridge Analytica scandal.
