Facebook hit with class-action lawsuit after massive security breach

Eileen GuzmanOct 02, 2018

You didn't forget that Facebook owns Instagram, did you?

They want answers from the Facebook boss after millions of users were left vulnerable to identity fraud in the biggest cyber attack on the social media giant since it was created in 2004. After spotting some unusual activity earlier this month, Facebook realized what was going on on Tuesday evening and subsequently revoked these access tokens before disclosing the hack publicly on Friday - though not before 50 million people were affected. Guy Rosen, Facebook's vice president of product management, stated in the blog post revealing the bug: "The vulnerability was on Facebook, but these access tokens enabled someone to use the account as if they were the account-holder themselves".

Next up is the waiting game, as Facebook continues its investigation and users scan for notifications that their accounts were targeted by the hackers.

According to Business Insider, the security vulnerability also allowed hackers access to other social media accounts tied to the Facebook account, including Spotify, Instagram, AirBnB and Tinder. But the benefit comes at a cost, all these platforms will share the same access credentials.

These access keys also let the attackers theoretically access any other services that someone used Facebook's login service to log in to, whether that's dating app Tinder, or a niche smartphone game, and gain access to highly personal information.

Rosen would not confirm whether the breach was state-backed, but added the hackers "did need a certain level in order for attacker not only get access but to pivot on the access tokens".

The company also said it is temporarily disabling the "View As" feature until it conducts a security review. So far, though, none of these issues have significantly shaken the confidence of the company's 2 billion global users. After the infamous Cambridge Analytica Scandal that affected over 80 million Facebook user accounts, the company has once again reported of a new breach that affects 90 million Facebook users.

"Because this issue impacted access tokens, it's worth highlighting that these are the equivalent of a username and password combination but are used by applications to authenticate against other applications", said Tim Mackey, senior technical evangelist at Synopsys.

Given the recent attention on Facebook by regulators within the U.S. and overseas, Kargathra said Facebook needed to demonstrate a robust approach to breach management that expressed a focus on the protection of user data and transparency of activities undertaken in response to the incident. There you will see a hyperlinked text saying "Where you're logged in".

Do you work at Facebook? Two-factor authentication involves the use of a one-time password as you try to log into your account.

So it doesn't matter how strong your password was, or whether two-factor authentication was set up. Possession of those tokens would allow attackers to control those accounts. It is unclear how long the hackers will be able to use the access tokens to get into third party apps.

Related Articles:

« Previous article
Next article »

Popular Pages

Neville says Mourinho not to blame for United mess
Meanwhile, Alexis Sanchez's future at Manchester United is also said to be in serious doubt. I see upset people, some people that don't look like they lost a game, I see 'so-so'.

F-35 military plane crash reported in Beaufort County, South Carolina
On the same day, the USA military said it carried out its first operation with the plane in Afghanistan. MCAS Beaufort is home to Marine Fighter Attack Training Squadron 501 (VMFAT-501), the "Warlords".

Boy, 13, hospitalized with 'traumatic injuries' after shark attack
Lifeguard boats and personal watercraft were patrolling the shore Saturday, and a sheriff's helicopter monitored overhead. The victim was attacked in about 9 feet of water and was approximately 150 yards offshore, Giles said.

Excitement builds ahead of Ryder Cup - 9/27/2018 4:45:25 AM
He went 3-1-0 at Hazeltine and won two majors this season alone, so I should have more confidence in him than I do. Garcia said he thrived on being part of a team in a sport where solitary focus is the norm.

US, Mexico, Canada agree on new trade pact to replace NAFTA
Ottawa and Washington remained at odds over Canada's subsidized dairy sector, and the dispute resolution provisions in NAFTA. The trade imbalance would change, Trump said in June during a press conference at the Group of Seven (G7) summit in Canada.

Raj Kapoor's wife Krishna dies
Everyone was very close to her and she has been often credited for keeping the family together. Deepest condolences to the Kapoor and Nanda family on the passing of #KrishnaRajKapoor.

Seahawks' Thomas carted off field vs. Cards
Thomas had been in a contract dispute with the Seahawks as they were unwilling to sign him to a long-term deal. He is in the final year of a contract that includes an $8.5 million salary.

Man diagnosed with world's first human case of rat disease hepatitis E
A man in Hong Kong is the first human to become infected with a type of hepatitis E infection that's only been seen in rats. An estimated 20 million people are infected with hepatitis E every year, according to the World Health Organization.

Cristiano Ronaldo Responds to Rape Allegation
Police announced the case was re-opened on Monday. "Nobody sued us in connection with earlier Ronaldo reports", he told Reuters. According to her complaint, Ronaldo said he was sorry after the attack and that " he was usually a gentleman ", CNN reports.

Iran fires missiles at militants in Syria over parade attack
After that assault, the Guards said they had fired missiles into Syria that had successfully hit IS targets. Both the Islamic State group and an Arab separatist group have claimed the assault .