The fine has been enforced by the UK’s Information Commissioner’s Office (ICO) and was calculated using a pre-GDPR formula for data breach fines. Using the UK’s old Data Protection Act to fine Facebook, rather than GDPR they can only give a maximum penalty of £500,000, which is equal to what the social media giant earns every 18 minutes.

GDPR rules dictate a maximum fine of 4% of annual global turnover, which would be $1.6 billion. Unfortunately the the GDPR regulation wasn’t in place when the Cambridge Analytica story broke, coming into force in May 2018.

The UK investigation concluded that Facebook’s APIs had been allowing developers access to users information without them providing proper consent, for a long period of time between 2007 and 2014. Once they realized this loophole existed and patched it up, they did nothing to investigate the data compromised or ensure it was deleted.

[FACEBOOK] should have known better and it should have done better… We considered these contraventions to be so serious we imposed the maximum penalty under the previous legislation. The fine would inevitably have been significantly higher under the GDPR

Information Commissioner Elizabeth Denham said in a statement

Facebook has said they are reviewing the ICO’s findings and stated they “respectfully disagree” with some of the report, but admit they should have done more to protect users data. They also added that they found no evidence that British users profile information was shared with Cambridge Analytica.

The post UK Fines Facebook over Cambridge Analytica Scandal appeared first on Hack Ware News.

At the end of September, it was revealed that a Facebook security flaw allowed the access tokens of over 50 Million accounts to be stolen. Access tokens allow users to stay signed in on devices, rather than signing in every time they interact with a Facebook app. On Friday 12 October, after weeks of investigation, Facebook reported that the actual number of accounts affected was 30 million, not 50.

The investigation into how this was made possible, and the extent of the data stolen is still ongoing, but Facebook have said there is no need for users to log out or change their password. Facebook forced 90 million users to log out when the breach was discovered.

Users can use this page to check if they were one of the accounts affected in the incident, as well as read any recent findings from the investigation. When you visit page, if you are not one of the affected users it will tell you this in a statement towards the bottom of the page, and there is no further action required from you other than remaining security conscious when it comes to passwords and such. You will also see a message saying your account hasn’t been compromised if you are one of the one million users to who their tokens stolen but information remained safe.

If you fall into the other 29 million users camp, then you will see one of two messages, depending on the level of your information that was stolen. Fifteen million users had their name, email addresses and phone numbers compromised by hackers. While this is serious enough itself, the other 14 million have a more serious data breach problem.

The other 14 million have had the above information stolen, as well as their username, date of birth, devices you use, gender, language settings and possibly more data such as religious and political views. It’s also possible that they accessed your 10 most recent locations and 15 most recent searches, giving a detailed window into your online presence.

There is currently no evidence that hackers used the vulnerability to attack third-party apps and services to gather more information, which was technically possible.  Facebook also continues to report that no passwords of credit card information has been compromised. We are yet to see the full fallout from the breach, but there is also evidence that Facebook logins are being sold on the dark web.

While that data is now out there in the hands of attackers, Facebook has used their support page to offer some advice on avoiding phishing schemes. This is a good move from Facebook, but it doesn’t make up for the grievous level of the data breach and the users it has left vulnerable to tailored phishing attacks now their data is out there.

Photo by Glen Carrie on Unsplash

The post How to guide: Check if your Facebook Account has been hacked? appeared first on Hack Ware News.

Attackers gained access to the accounts through a vulnerability discovered after the Facebook’s “view as” feature was introduced earlier in the year

The feature allows users greater control of their privacy by letting them view their account as another user. Once attacks gained access to the Facebook accounts, they also gained access to accounts logged in via Facebook such as Tinder, Instagram, Airbnb and Spotify.

Since Friday’s attack the Facebook logins for the leaked accounts have started appearing for sale on the dark web, for as little as $3.90 each, with some email logins being sold for $2.70, according to Money Guru

Researchers found that for $970 it was possible to purchase a person’s online footprint, including all usernames, passwords and email addresses. The best way to protect yourself and your accounts is to always opt for a multiple step verification process where possible. For example, a 2-factor authentication any time you log into Facebook from a new device.

UK Based company Money Guru, who released these findings, said social media account details are frequently targeted by hackers because they give a good insight in targeted advertising. The report found that other accounts were also being offered for sale on the dark web. Reddit accounts came in slightly cheaper at $2.09, and Instagram and Pintrest on the more expensive end at $6.30 and $8.48 respectively.

Facebook has said that they are working with the FBI in investigating the hack and will inform users when they know more. CEO Mark Zuckerberg has assured users that passwords and credit card information was not accessed.

[stackCommerce layout=”2″ count=”5″ sort=”best_sellers”][/stackCommerce]

The post Facebook logins are being sold on the dark web after 50 million users hacked appeared first on Hack Ware News.

Unlike the previous data breaches by the Cambridge Analytica, this breach seems unlikely to be political motivated and exposed a smaller percentage of Facebook users.

According to Facebook, the latest hack claimed around 50 million accounts with possibility to 90 million users that were “directly affected”. Later, Facebook described the attack as being used in “fairly large scale”. On the downside, the hackers may take over your account and use it as they are the account holders.

‘View As’ feature as the weakest link

Apparently, the hacker made use of a vulnerability in the Facebook’s coding of the ‘View As’ feature that allowed people to see what their own profile looks like to others.

Just by pinpointing this vulnerability, the hackers were able to steal Facebook tokens and later allowed them to hijack other people accounts.

After discovering the breach on 25 Sep 2018, the security team in Facebook had then fixed the system vulnerability and stated that no passwords have been compromised.

Damage control and mitigation

However, Facebook remained mute on what kind of data has been breached in this latest attack. However, Facebook did confirm that the hackers may have accessed to any third-party apps such as Tinder and Swiggy.

Thus, it will be best for Facebook users to log out of all websites and services were that previously logged in via using Facebook account. It is recommended that user use separate login password for third-party apps, instead of using Facebook, Google or Twitter for access.

In storing these various different passwords, the user may use some password managers like LastPass, Dashlane, KeePass and so on in storing different passwords for third-party apps.

EU to fine Facebook for $1.63 billion over latest hack

In addition, Facebook may face a fine of $1.63 billion after this major breach of data from the European Union’s (EU) recently enacted General Data Privacy Regulation (GDPR).

The regulation stated that the company has a role in safeguard their users’ data risk and if they did not provide adequate protection, the company faced a maximum fine of €20 million ($23 million), or 4% of a firm’s global annual revenue for the prior year, whichever is higher.

Moreover, the company is required to notify regulators of breaches within 72 hours, under threat of a maximum fine of 2% of world-wide revenue.

Thus, Facebook might face a fine of 1.63 billion under the EU GDPR by using a larger calculation.

[stackCommerce layout=”2″ count=”5″ sort=”best_sellers”][/stackCommerce]

The post Another Facebook hack and how it affects you appeared first on Hack Ware News.

The breach was discovered this week, and is the latest controversy surrounding Facebook after British company Cambridge Analytica gained access to information of 87 million users, and the controversy surrounding disinformation in elections. However, this breach has been the largest in the company’s 14-year history.

Facebook has said the attackers exploited two bugs in the site’s “View as” feature. The feature, which was designed to give users a clearer view of their presence and more control over their privacy, allows users to check what information other people can see about them. The flaw allowed users to gain “access tokens” which allow access to accounts, through Facebook’s video-uploading program for birthday celebrations. Although it’s not yet known when the attack happened, it seems to occurred after the video-uploading program was introduced. Attacked attempted to harvest user’s personal identifiable information (PII). After the attack was discovered, Facebook forced 90 million users to log out. Facebook has not announced where in the world the 50 million users are.

There have been some major changes in Facebook’s security teams after its Chief Security Officer, Alex Stamos left in August this year for a teaching position at Stanford University. Facebook decided to split the team members so that security employees work within different teams across the company, in order to make security an innate part of Facebook.

Facebook’s data breach was a trending topic on Friday with users posting the breaking story as news outlets released it. User’s found that some of their posts were removed because Facebook’s algorithm saw them as suspicious activity or spam.

[stackCommerce layout=”2″ count=”5″ sort=”best_sellers”][/stackCommerce]

The post 50 Million accounts exposed after Facebook security breach appeared first on Hack Ware News.

Yes, the Onavo VPN app is owned by Facebook. VPNs are supposed to keep one’s activities hidden from prying eyes but if you got you’re VPN from Facebook, you probably have it coming. Well, Apple has put a stop on this activity and will keep more iOS users from falling victim, but Android users are still open.

Why download Onavo in the first place? The premise of the app is to offer a secure VPN service for mobile internet users. As per the Onavo website, Onavo Protect keeps users safe by blocking potentially harmful websites from acquiring personal information.

The app also monitors how much mobile data is used by other mobile apps to protect users from overconsumption, which is a very bad thing especially when international roaming. The problem is, that to in order to count how much data is being consumed by other apps, the data is actually collected, by Facebook who has owned the Israeli startup Onavo since 2013.

What Onavo does:

• Add an extra layer of security
• Secure personal information while on public Wi-Fi
• Provide a fast, free and secure VPN
• Alerts when apps use too much data
• Blocks apps from using data in the background
• Limits apps to use Wi-Fi only
• Notifies user when an app reaches a certain amount of data

Onavo Protect officially collects measures:

• Mobile network name
• Mobile network code
• Mobile country code
• Locale/language
• iOS version
• Onavo app version.
• Also when the mobile device screen is on/off
• Tracks daily data usage on Wi-Fi and mobile data
• DNS request to measure latency.

Onavo is apparently open to saying that they will be collecting mobile data traffic in order to perform its tasks as stated in the Google Play Store app description. But, much like EULAs, many users pretty much ignore these notices and/or messages that apps will be needing access to a bunch of things from their phones including private pics from their photo gallery.

Onavo App description on Google Play:

As part of providing these features, Onavo may collect your mobile data traffic. This helps us improve and operate the Onavo service by analyzing your use of websites, apps and data. Because we’re part of Facebook, we also use this info to improve Facebook products and services, gain insights into the products and services people value and build better experiences.

The previous statement sounds somewhat changed that it now justifies Facebook’s data collection as well as its ownership. This data collection however has led to the acquisition of WhatsApp, apparently because it’s so popular and that Onavo now bombards users with targeted advertising.

But the whole thing doesn’t sit well with Apple’s new policies which went in effect last June and the company told Facebook to voluntarily remove Onavo from the App Store.

We work hard to protect user privacy and data security throughout the Apple Ecosystem. With the latest update to our guidelines, we made it explicitly clear that apps should not collect information about which other apps are installed on a user’s device for the purposes of analytics or advertising/marketing…

–Apple

Onavo iOS users who don’t mind the data collection can still use their existing apps and continue to download them when upgrading or changing devices, however, they can’t expect any more updates.

The post Apple Stops Facebook from Spying appeared first on Hack Ware News.

Click fraud, cryptocurrency miners, malicious browser extension stealing social media credentials is the malware called Nigelthorn , that is fast spreading via socially engineered links on Facebook. Since it started this year in March, it managed to infect 100K users globally.

Fist discovered by researches at Radware, when a “protected” network of one of its customers got affected, Nigelthorn was spread via various (at least 7) Chrome browser extensions, hosted on official Chrome Web store.

7 Malicious Chrome Extensions spreading via Facebook Caught Stealing Passwords

The post 7 Malicious Chrome Extensions spreading via Facebook Caught Stealing Passwords appeared first on Hack Ware News.