Facebook hacker accessed personal details for 29 million accounts

How This Impacts You

Facebook’s recent breach allowed the “hacker” to access personal details of up to 29 million users. This is huge because you may be using Facebook Payments, have your credit card tied to your account, or have hidden personal photos and other sensitive data that you have entrusted to the platform. Facebook also has access to your cell phone, WhatsApp, Instagram, and Facebook Messenger. Although Facebook has not stated that these platforms were breached, Facebook has not been forthcoming about this breach or previous ones, so it is not safe to assume those accounts or your associated credit cards are safe.

Action Steps:

  • Change your passwords immediately:
    • Facebook
    • Messenger (if separate)
    • WhatsApp
    • Instagram
  • Watch your credit cards for non-standard activity
  • Use a fraud insurance service like Zanders or others to help cover yourself in case of identity theft
  • [Optional] Uninstall and reinstall each of the above apps.

Some Context of the Hack (with conjecture)

From the Verge:
“The flaw could have let someone exploit the “View As” feature, which lets you view your own profile as it appears to another user or to the public, as a way of evaluating your specific sharing settings. However, it appears that the feature inadvertently exposed Facebook security tokens when someone selected a profile as the desired View As target. That would let someone gain access to the person’s account. Facebook access tokens are the digital keys that allow mobile users to log in to their accounts without having to retype their passwords.

With full access to a user’s account, the attackers could have used any third-party app that was logged in via Facebook, the company said late Friday.”

The feature at hand allowed users to see what their own profile would look like if they “viewed as” someone who had limited permissions to look at their profile (like your mom, dad or ex). This exposed a portion of the code that allows users to log in, which was then exploited to gain access to the millions of accounts. So this was partially a bug in the system that then became an exploited hack.

They currently believe it to be one person, but we believe that it could be more than one person. Since the FBI is involved, they don’t typically like to announce a lot of details so that they do not alert the hacker(s) to certain aspects of the investigation. Hacks performed on this scale, however, are typically done by a collective of 2-10 individuals. Anonymous’ activities in previous years are a good representation of this.

Our Stance

As marketers, we love the platform that Facebook has created because it allows us to help companies, like yours, find people who would be genuinely interested in your product or service. We love the idea of curating content that is valuable to people instead of randomly blasting commercials to uninterested audiences (radio, TV, direct mailers, etc.).

This comes at the price of privacy. Facebook is ultimately not free for people to use: you, the citizen, agree to give Facebook information for use on the platform.

Facebook has recently mismanaged this and has forced us to redouble our security processes. We do not hold onto high-security information whether in digital or physical form. We follow best practices as efficiently as possible to protect our clients. That being said, we have alerted our clients to change all of their passwords relating to Facebook’s platforms and subsidiaries to be on the safe side.

We will continue to use the Facebook Advertising platform as long as it provides a solid Return on Investment to our clients, but we are not afraid to tell our clients when it's the wrong choice.

