Facebook announced late last week that it had suffered the largest breach in its history, with 50 million accounts compromised and another 40 million accounts affected. Yes, that equals 90 million accounts. If you use Facebook and were locked out of your account over the weekend, your account was most likely affected. For the 50 million accounts that were compromised, the attackers had the ability to actually take over the account.
According to Facebook, there was a code vulnerability in the “View As” feature, which allows people to see what their profile looks like to other people. The hackers stole the keys that allow users to stay logged into Facebook without re-entering a password, and that also allow users to log in to other websites through Facebook. So in essence, the hackers not only accessed the Facebook account but could also see and potentially take control of the user's other online accounts that were linked to the Facebook account. Ouch.
Facebook announced that it has fixed the vulnerability, but nonetheless, there is a lot of information in a Facebook account that hackers can use to launch additional campaigns and scams against users through social engineering and by leveraging the information to attack your Facebook friends.
The Federal Trade Commission (FTC) was so concerned that it sent out a consumer alert stating that Facebook users should watch out for imposter scams and change their Facebook account password, as well as the passwords of other accounts that may have been linked to their Facebook account. Further, since individuals put a lot of information about themselves on Facebook, the FTC recommends changing security questions that can be guessed from information on a Facebook account (e.g., What high school did you go to? What is your dog’s name? etc.).
All social media sites are vulnerable to security risks, so consider the risk when deciding whether or not to open a social media account. Not only did Facebook just experience the largest breach in its history and admit earlier in the year that it was selling users’ information to third parties, information that eventually ended up in Cambridge Analytica’s hands and was used for political purposes, but it was also recently reported that Facebook is disclosing its users’ telephone numbers to advertisers. With cell phone numbers used for multi-factor authentication, the disclosure of this information to third parties is concerning to security experts.
Consider assessing the risks of using social media platforms when you open an account, and reassessing that platform as additional risks become known.