Well, I tell ya, when you’re busy writing away, you tend to forget about some of the big news headlines that have occurred. Such was the case with me last Friday. As I was preparing for some big-time podcasts coming up later this week, I completely overlooked the recent Facebook hacking news. Apparently, some 50 accounts were hacked into, and another 90 million users were forced to log off and log back in again.
So, what exactly does all this mean? Well, here are some key things that you need to keep in mind:
*Facebook knew that something was going to happen:
Since September 16th, the Cyber security staff detected unusual spikes in data packet anomalies – this is usually indicative that something big is going to happen.
*The Cyber attackers took advantage of three serious flaws in the Facebook platform:
These flaws are as follows:
*Users were offered an option to upload any video they wanted which essentially says “Happy Birthday” when the recipient accesses their own page;
*This video uploader created an access token that gave the Cyber attacker the ability to log into the user’s version of the Facebook mobile app;
*This same token was also used to hack into the accounts of the people whose profiles you were trying to look up and view in Facebook.
*Your account was not totally compromised, just the tokens that you use:
From what I have read so far, I don’t think your actual account has been 100% compromised; rather, it is that token once again that was hijacked. This is what lets you get back into Facebook without having to log off and log back in again each time you want to access your account.
*Your Facebook account password can still be compromised:
As mentioned, although your account was not completely compromised, there is still a strong potential that your password can be very easily hijacked by using other tokens that have been specially programmed to do so using a specialized API. Because of this, your complete personal information and data are at grave risk. Your best line of defense against this? Keep resetting your password frequently. Yes, it is a pain, but in this case, consider the use of a Password Manager.
*Your other mobile apps are at risk also:
If you use your iPhone or Android device to stay logged into your Facebook account, the other mobile apps which you have signed into using your Facebook credentials are also at grave risk. Perhaps you should consider resetting those passwords as well, just to be on the safe side.
*How do you know if your Facebook account has been hacked into?
Believe it or not, Facebook has actually made this process quite easy; just follow these steps:
*Go to “Account Settings”;
*Go to “Security and Login”;
*Go to “Where You’ve Logged Into”:
The last step will give you a listing of all of the TCP/IP Addresses and their related devices that have accessed your account. If any of them look unfamiliar, all you have to do is revoke that particular session with just a click of your mouse.
My thoughts on this?
Further research on this has revealed that Facebook has also advised its subscriber base to reset their Instagram and/or Oculus accounts if those sites were linked to their Facebook credentials. The idea of this is to once again have those tokens changed out so that you cannot be hacked into again (but probably will be, don’t hold your breath).
The FBI is still in the early stages of investigating this recent Cyber-attack, which in total has affected 2.5% of Facebook’s entire 2 billion subscriber base. Although Facebook has claimed that your account was not “technically hacked into”, they are not taking any chances, and are also investigating this further.
To be honest, I rarely use my Facebook account anymore, except just to put links to the blog site or the podcasting site. Personally, I find it too depressing. Most of the stuff out there is on Trump, his pick for the FBI, blah, blah, blah, etc. On occasion, I might find some happy news.
The social media site that I make the most use of is LinkedIn, and luckily, so far, they have not made the Cyber hacking headlines to the extent that Facebook and Twitter have. I have also read headlines where Facebook has announced extra Security measures in light of the upcoming midterm elections.
In all honesty, who really cares about that when they can’t even keep their own subscriber base safe?