What is the impact of the Facebook hack on you?

Tuesday, 02 Oct, 2018

Facebook confirmed late Friday that third-party apps, including its own Instagram app, could have been affected.

What Facebook knows so far is that hackers got access to the 50 million accounts by exploiting three distinct bugs in Facebook's code that allowed them to steal those digital keys, technically known as "access tokens". This was not too long ago, and 70 million accounts were compromised as a result. The attackers used that vulnerability to steal access tokens from the accounts of people whose profiles came up in searches using the "View As" feature.

Facebook users were shocked as the news spread about how almost 50 million Facebook accounts were compromised by an attack that gave hackers the ability to take over users' accounts.

Facebook's preliminary analysis of the flaw suggests it was introduced during changes made to the site's video upload system in July 2017. The flaw caused access tokens to be generated as the user being targeted by the "View As" system rather than the actual logged-in user, and made those tokens available in the HTML source of the page.

"This case involves the continuing and absolute disregard with which Defendant Facebook has chosen to treat the PII of account holders who utilize Facebook's social media platform", the lawsuit reads. But the benefit comes at a cost: all these platforms will share the same access credentials. So I guess there is no need to freak out; Facebook has got everything under its control now.

If you log out of Gmail and try to log in again, a new access token will be generated.

So it doesn't matter how strong your password was, or whether two-factor authentication was set up.

A Tinder spokesperson pointed out that most of its new users sign up to the service without using a Facebook login. You type in your username and password, and click enter. Facebook's maximum fine would be $US1.63 ($2) billion using the larger calculation. The company began notifying affected users this morning with a message on its website and mobile app, and it's been holding a series of calls with reporters throughout the day to brief them on technical details and other information as it arises.

This means it's possible that hackers are now sitting on photos, videos, and private messages for tens of millions of people around the world.

And even if you weren't hacked yourself, messages you sent to people who were hacked may still be caught up in the hack.

In 2011 it signed a consent decree with the United States consumer protection agency, the Federal Trade Commission (FTC), settling charges that it deceived consumers by telling them they could keep their information on Facebook private, and then allowing it to be shared and made public.

This follows a statement posted to Twitter on Friday that it was pressing Facebook to "urgently clarify" the nature of the incident and risk to customers.

"As an industry, until we can start making cybercrime unprofitable for adversaries, they will continue to hold the cards that will yield potentially massive payouts". There you will see a hyperlinked text saying "Where you're logged in".