Facebook Breach Update

September 30, 2018
Facebook Breach Update

Got logged out last Friday? (September 28). You are lucky if you did not experience that.

The social media giant Facebook forcefully ended the session of 90 million Facebook users to secure the accounts affected by the recent breach.

In our recent story we have covered details initially disclosed by Facebook which was available by that time.

Now let us check on the recent updates that you need to know.

We will summarize the transcript of a conference call with reporters and Facebook’s Vice President of product Guy Rosen by listing down important details. The transcript can be viewed here: part 1, and part 2.

Below are the updates regarding the massive breach:

  1. An unusual influx of traffic caused their security team to discover the activity – Facebook’s security team noticed the abnormal influx of traffic on its servers earlier this week, naturally it will prompt them to investigate the anomaly, in which revealed a massive cyber attack that had started since 16th of September. The obvious purpose was to steal the data of the compromised Facebook users.
  2. Hackers took advantage of three vulnerabilities – The hack was made possible by combining the three bugs.

First exploit has something to do about the “View As” Tool when uploading a video which allowed people to wish a ‘Happy Birthday’ to Facebook friends.

Second exploit was generating an incorrect access token by uploading a video. The access token allows it to log into the Facebook mobile app, which is supposed to be not allowed.

Third Exploit was the generated access token was originally for the viewer, but instead the program gave the access token for the person who was being looked up, this enabled attackers to steal the token and gain access to an account they were simulating.

  1. Facebook password is not compromised, only the access tokens are. Do you know what this means? Your access tokens are the only needed information and the password itself is not required, or even the two factor authentication.
  2. A lot of information was downloaded through the Facebook API, this includes almost everything about your account.
  3. 3rd Party sites that you have connected to Facebook is at risk. Why? It may have allowed the hackers to access the 3rd party accounts linked to your Facebook.
  4. Check the active session under Facebook settings – you can check the IP addresses and location where your account is currently accessed and online.
  5. Breach is not connected to a Taiwanese hacker who streamed himself live and threatened to delete the account of Mark Zuckerberg via live stream. Facebook believes that the Zero day hack is not connected to the hacker named Chang Chi-Yuang.
  6. Facebook once again is in hot water, because they are facing class-action lawsuit over the massive breach.

Whether you have been hacked or not, do reset your passwords right now. These account take overs can be used for phishing activities, phishing attacks and other phishing related activities.

About the author

Leave a Reply