Unlike the previous data breaches by the Cambridge Analytica, this breach seems unlikely to be political motivated and exposed a smaller percentage of Facebook users.

According to Facebook, the latest hack claimed around 50 million accounts with possibility to 90 million users that were “directly affected”. Later, Facebook described the attack as being used in “fairly large scale”. On the downside, the hackers may take over your account and use it as they are the account holders.

‘View As’ feature as the weakest link

Apparently, the hacker made use of a vulnerability in the Facebook’s coding of the ‘View As’ feature that allowed people to see what their own profile looks like to others.

Just by pinpointing this vulnerability, the hackers were able to steal Facebook tokens and later allowed them to hijack other people accounts.

After discovering the breach on 25 Sep 2018, the security team in Facebook had then fixed the system vulnerability and stated that no passwords have been compromised.

Damage control and mitigation

However, Facebook remained mute on what kind of data has been breached in this latest attack. However, Facebook did confirm that the hackers may have accessed to any third-party apps such as Tinder and Swiggy.

Thus, it will be best for Facebook users to log out of all websites and services were that previously logged in via using Facebook account. It is recommended that user use separate login password for third-party apps, instead of using Facebook, Google or Twitter for access.

In storing these various different passwords, the user may use some password managers like LastPass, Dashlane, KeePass and so on in storing different passwords for third-party apps.

EU to fine Facebook for $1.63 billion over latest hack

In addition, Facebook may face a fine of $1.63 billion after this major breach of data from the European Union’s (EU) recently enacted General Data Privacy Regulation (GDPR).

The regulation stated that the company has a role in safeguard their users’ data risk and if they did not provide adequate protection, the company faced a maximum fine of €20 million ($23 million), or 4% of a firm’s global annual revenue for the prior year, whichever is higher.

Moreover, the company is required to notify regulators of breaches within 72 hours, under threat of a maximum fine of 2% of world-wide revenue.

Thus, Facebook might face a fine of 1.63 billion under the EU GDPR by using a larger calculation.

[stackCommerce layout=”2″ count=”5″ sort=”best_sellers”][/stackCommerce]

The post Another Facebook hack and how it affects you appeared first on Hack Ware News.

The attack on accounting giant occurred on Monday, and the details remained sketchy as investigators piece the information together in crime scene investigation fashion.

A simple password does all the tricks

It was reportedly a single password was all its take to “slay” the Deloitte’s cyber-security on its email server through an administrator account. After successful login with password, the unauthorized user is able to access various areas which are otherwise restricted from outsiders and even staffs unless granted with the appropriate rights.

The focus of attack was locked on Deloitte’s asset at Rosslyn, Virginia, United States and the company immediately notified the authorities after the attack.

No privacy for staff emails

According to The Guardian, emails of around 244,000 staffs are exposed through this incident alone. Many of these emails were stored in the company’s Azure Microsoft’s Cloud service which consists of Deloitte user names, passwords, IP addresses, company architecture, and health information, based on media report from The Guardian.

So far, the hacking damage paled in comparison to recent cyber-attack seen in Equifax, where the details of around 143 million customers were leaked.

Victims claimed so far

As of now, none of the affected companies’ name were identified but six companies and some government agencies were among the victims. Perhaps the extent of the damage remained to be contested for a while as further investigation takes place. Apparently, Deloitte’s email system shows a history of being hacked, as previously in Oct-Nov 2016, which the company only acknowledged the hack four months later on March this year.

Not your average panama papers leak

The motive of the hack does not seem to be as noble as the panama papers leak which 11.5 million documents were leaked in a whistle-blowing manner to reveal offshore tax evasion and fraud. Like all corporations, Deloitte has its fair share of controversies and if a similar “panama papers driven leak” was on the mind of hackers, our guess will be on the incident of ActionAid.

Back in November 2013, Deloitte was accused by international non-governmental organization, ActionAid of using Mauritius as a tax haven to hide hundreds of millions of dollars from taxation by a list of poor African nations.

Most likely, Hackwarenews thinks that the breach in Deloitte’s email system is commercially motivated in revealing sensitive information for blackmailing purposes.

Striking Terror to the rest

Deloitte is currently in the lead among the “Big Four” or the world’s largest accounting and auditing services, booking an annual revenue over USD38 billion in fiscal year of 2017. Other in the Big Four includes PricewaterhouseCoopers (PwC), EY and KPMG.

By claiming Deloitte as its victim, the hacker certainly sent shockwaves to other accounting firms, telling that they may be next in line. Or perhaps, the message is clear that no one is safe in this cyber-age and often complacency and negligence prove to be the biggest culprit in security breaches.

The post Big Four, Deloitte hacked and who’s next? appeared first on Hack Ware News.