September 29, 2018 at
Another Facebook scandal has recently surfaced with the exposure of as many as 50 million users. According to reports, affected users may be exposed to identity fraud as a result of the new recent cyber attack.
Facebook vulnerability exposes users’ private data
According to the Facebook, an unknown number of hackers managed to gain access to numerous accounts due to a previously unknown vulnerability. The flaw in Facebook’s systems has supposedly been there for over a year. The company has alerted the FBI immediately after the breach, and many suspect that the party responsible may have been a rogue state like Russia.
The hack is currently being investigated by GCHQ, which stated that attackers likely managed to gain full access to some of Facebook’s private profiles. British users are believed to be hit particularly hard and should be on the lookout for potential signs of fraud.
Meanwhile, Facebook finds itself in a tight spot once again, being forced to answer questions like why it took them so long to patch up the vulnerability. The situation is even worse due to the fact that they supposedly noticed unusual traffic on the platform as far back as in mid-September.
Regardless of the reason, the new privacy breach represents yet another embarrassing event for Facebook. Especially since the company had to admit that tens of millions of its users experienced data hijacking by Cambridge Analytica, earlier this year.
Facebook commented on this by saying that hackers managed to steal digital keys called tokens due to a system change that happened in July 2017. These tokens usually allow users to access the platform without the need to manually type in their password. The incident supposedly affected around 50 million accounts.
Thanks to the token theft, hackers managed to access the affected accounts, as well as photos, messages, and all other private data stored on the profiles. Upon realizing the size of the attack, Facebook contacted the FBI, and it also held two crisis press conferences. The company’s executives also admitted that attackers will be able to access third-party websites or apps that users were logged into via Facebook.
This includes apps like Instagram and others, but WhatsApp apparently was not affected. The company officials stated that the attackers or their motives are not currently known. However, according to the size of this attack, it was likely pulled off by an organized group of professionals.
Was the attack an intelligence-gathering operation?
Many have also noticed that the news of the attack came only a few weeks before the US midterm elections. This is one of a few events that Russian agents have been attempting to disrupt through similar incidents. Due to the amount of information that is stored on the network, Facebook is a huge source of intelligence for rogue states and groups alike.
National Cyber Security Centre’s spokesman stated that they are currently investigating the attack, as well as its consequences for the people in the UK. So far, there is no reason to believe that hackers actually managed to steal users’ passwords, so changing them doesn’t seem to be necessary at the moment. However, due to the fact that attackers likely managed to steal users’ email addresses, affected users are advised to watch out for phishing attacks.
What does this mean for Facebook?
As for Facebook itself, it could face a huge fine under the recent European data laws. Some claims say that the company might get a fine of billions of pounds in case that it is discovered that they have irresponsibly distributed users’ personal data. Some believe that this might very well be the case, considering how vague the company has been with describing the attack and its consequences.
The chief executive of Facebook, Mark Zuckerberg himself, also commented on the incident. He explained that the flaw came from a glitch that originated in a video feature that Facebook introduced in July of last year. As a consequence, another feature — View As — also gained a new vulnerability.
So far, Facebook has handled the attack by resetting the login details of around 90M users. That way, the company ensured that the loophole was closed. The additional 40 million accounts were logged out simply as a precaution, and there is no proof that they are affected by the attack.
At the moment, Facebook has over 2.2 billion users around the world, 40 million of which are UK-based.