This time, the company acknowledges that it mishandled sensitive passwords for hundreds of millions of its users, primarily those who use its Facebook Lite product. The disclosure casts doubt on the company’s abilities to protect its users’ information as it focuses more on privacy.
On Thursday, Facebook said it didn’t properly mask the passwords of hundreds of millions of its users and stored them as plain text in an internal database that could be accessed by its staff.
The company said it discovered the exposed passwords during a security review in January and launched an investigation. Facebook did not say how long it had been storing passwords in this way.
Read the entire post: Facebook staff had access to hundreds of millions of people’s passwords | Donie O’Sullivan and Kevin Collier | CNN Business
Facebook, Instagram and WhatsApp are all back online and working as normal after a 14-hour outage left many users unable to post updates.
Facebook’s outage cost small advertisers thousands of dollars
Facebook and Instagram both started experiencing difficulty at around 4pm GMT on March 13, according to data from website Downdetector, which monitors online outages.
Error messages on both sites stated: “Oops… Something went wrong. We’re working on getting it fixed as soon as we can.”
Many users took to other social networks such as Twitter to vent their frustration at being unable to access the online services.
The attraction of cybercrime to criminal hackers is obvious: tangled webs of interactions, relatively low penalties, disjointed approaches to money laundering and potentially massive payouts.
The key is preparation: identifying vulnerabilities and building resilience in how security interacts with the organisation’s overall management systems. That is where the Information Security Management Systems (ISMS) standard ISO/IEC 27001 comes in.
This is the flagship of the ISO/IEC 27000 family of standards, which was first published more than 20 years ago.
Developed by ISO/IEC JTC 1, the joint technical committee of ISO and the International Electrotechnical Commission (IEC) created to provide a point of formal standardization in information technology, it has been constantly updated and expanded to include more than 40 International Standards covering everything from the creation of a shared vocabulary (ISO/IEC 27000), risk management (ISO/IEC 27005), cloud security (ISO/IEC 27017 and ISO/IEC 27018) to the forensic techniques used to analyse digital evidence and investigate incidents (ISO/IEC 27042 and ISO/IEC 27043 respectively).
What to make of the New York Times’ latest story about Facebook’s broad data-sharing agreements?
The story, which draws on internal documents describing the company’s partnerships, reports on previously undisclosed aspects of business partnerships with companies including Apple, Amazon, Microsoft, Spotify, and Netflix. In some cases, companies had access to data years after it was supposed to have been cut off.
The story, which builds on reporting earlier this year from both the Times and the Wall Street Journal, describes a variety of data-sharing partnerships, some of which users were likely unaware of. They include:
- Giving Apple access to users’ Facebook contacts and calendar entries, even if they had disabled data sharing, as part of a partnership that still exists. Apple told the Times it was unaware that it had special access, and that the data described would never leave the user’s device.
- Giving Amazon the names and contact information of users, in a partnership that is currently being wound down. Amazon wouldn’t discuss how it used the data other than to say it had used it “appropriately.” On Twitter, Gizmodo’s Kashmir Hill speculated that Amazon may have used the data to fight review fraud.
- Giving Bing, the Microsoft search engine, access to see names and other profile information of a user’s friends. Microsoft said it has since deleted the data. Facebook says that only user data set to “public” was accessible to Microsoft.
- Giving Spotify, Netflix, and the Royal Bank of Canada the ability to read users’ private Facebook messages.
Here’s how the story is framed by reporters Gabriel J.X. Dance, Michael LaForgia, and Nicholas Confessore.
Although this is a satirical video, there is a lot to take away from this “testimony”. What are your thoughts? Leave your comments below!
Those behind the attack told the BBC Russian Service that they had access to 120 million accounts, although this has been branded “unlikely” by Digital Shadows, whose researchers were called in to investigate.
In fact, the seller, “FBSaler,” provided a total dataset to reporters of around 257,000 profiles.
The largest share of profiles (30%) is Ukrainian, followed by Russian (9%), although users from the US, UK and Brazil are also said to be represented. Just 81,000 are certain to have been compromised, as private messages were included. The remaining 176,000 may simply have had profile information such as names, addresses, contact numbers and interests taken, because the accounts were left wide open by their users.
The accounts are not thought to be linked to the Cambridge Analytica scandal, or the more recent breach of 30 million accounts which occurred after attackers obtained access tokens.
Facebook has issued a password reset for around 90 million users, after a flaw was found in Facebook’s code that impacted “View As”, a feature that lets people see what their own profile looks like to someone else.
According to a statement by Guy Rosen, VP of product management at Facebook, the flaw was discovered on Tuesday 25th September and affected almost 50 million accounts. He said that the flaw would have allowed an attacker to steal Facebook access tokens, which they could then use to take over people’s accounts.
“Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app,” he said.
According to the research of Adi Raff and Yuval Shapira, the malware infects users by abusing a Google Chrome extension, the Nigelify application. Hence the malware has been dubbed Nigelthorn.
The malware has been known since March 2018. Malicious actors have socially engineered links on Facebook so that when users click on the link, they are redirected to a fake YouTube page. Rather than watching the video they expect to see, they are asked to install the dubious extension.
Read the entire article: Chrome Extension Malware Targets Facebook | InfoSecurity | Kacy Zurkus
In the aftermath of the Facebook scandal, there have been some cries of outrage, with several users claiming that they will be deleting their accounts. Reuters recently polled users to see just how much impact the scandal has had on the social media giant.
The results show that Facebook has suffered little consequence. The Cambridge Analytica privacy scandal erupted on 16 March, prompting the hashtag #deletefacebook. Yet the number of monthly users continued to grow as the first quarter came to a close, with a recorded 241 million users in the United States and Canada as of 31 March.
Reuters found that 22% of the users polled said that they now use Facebook more. Only 16% reported that they use the site less, while 43% said that they have not changed their frequency of use. That raises the question: how frequently are users actually accessing the Facebook site?
Read the entire article: Facebook Users Undeterred by Privacy Scandal | InfoSecurity | Kacy Zurkus