Another Facebook hack and how it affects you. The world’s social network was in the spotlight again for another breach involving almost 50 million accounts.
Unlike the previous data breaches by Cambridge Analytica, this breach seems unlikely to be politically motivated and exposed a smaller percentage of Facebook users.
According to Facebook, the latest hack claimed around 50 million accounts, with possibly up to 90 million users “directly affected”. Later, Facebook described the attack as having been used on a “fairly large scale”. On the downside, the hackers may take over your account and use it as if they were the account holder.
‘View As’ feature as the weakest link
Apparently, the hackers made use of a vulnerability in Facebook’s code for the ‘View As’ feature, which lets people see what their own profile looks like to others.
By making use of this vulnerability, the hackers were able to steal Facebook tokens, which then allowed them to hijack other people’s accounts.
After discovering the breach on 25 Sep 2018, Facebook’s security team fixed the vulnerability and stated that no passwords had been compromised.
Damage control and mitigation
Facebook has remained silent on what kind of data was breached in this latest attack. However, it did confirm that the hackers may have had access to any third-party apps, such as Tinder and Swiggy.
Thus, it is best for Facebook users to log out of all websites and services that they previously logged in to using their Facebook account. It is recommended that users use a separate login password for third-party apps, instead of using Facebook, Google or Twitter for access.
To store these different passwords, users can use a password manager such as LastPass, Dashlane or KeePass.
EU to fine Facebook $1.63 billion over latest hack
In addition, Facebook may face a fine of $1.63 billion over this major data breach under the European Union’s (EU) recently enacted General Data Privacy Regulation (GDPR).
The regulation states that a company is responsible for safeguarding its users’ data, and if it does not provide adequate protection, it faces a maximum fine of €20 million ($23 million), or 4% of the firm’s global annual revenue for the prior year, whichever is higher.
Moreover, the company is required to notify regulators of breaches within 72 hours, under threat of a maximum fine of 2% of world-wide revenue.
Thus, Facebook might face a fine of $1.63 billion under the EU GDPR if the larger of the two calculations is used.