At the end of September, it was revealed that a Facebook security flaw allowed the access tokens of over 50 Million accounts to be stolen. Access tokens allow users to stay signed in on devices, rather than signing in every time they interact with a Facebook app. On Friday 12 October, after weeks of investigation, Facebook reported that the actual number of accounts affected was 30 million, not 50.

The investigation into how this was made possible, and the extent of the data stolen is still ongoing, but Facebook have said there is no need for users to log out or change their password. Facebook forced 90 million users to log out when the breach was discovered.

Users can use this page to check if they were one of the accounts affected in the incident, as well as read any recent findings from the investigation. When you visit page, if you are not one of the affected users it will tell you this in a statement towards the bottom of the page, and there is no further action required from you other than remaining security conscious when it comes to passwords and such. You will also see a message saying your account hasn’t been compromised if you are one of the one million users to who their tokens stolen but information remained safe.

If you fall into the other 29 million users camp, then you will see one of two messages, depending on the level of your information that was stolen. Fifteen million users had their name, email addresses and phone numbers compromised by hackers. While this is serious enough itself, the other 14 million have a more serious data breach problem.

The other 14 million have had the above information stolen, as well as their username, date of birth, devices you use, gender, language settings and possibly more data such as religious and political views. It’s also possible that they accessed your 10 most recent locations and 15 most recent searches, giving a detailed window into your online presence.

There is currently no evidence that hackers used the vulnerability to attack third-party apps and services to gather more information, which was technically possible.  Facebook also continues to report that no passwords of credit card information has been compromised. We are yet to see the full fallout from the breach, but there is also evidence that Facebook logins are being sold on the dark web.

While that data is now out there in the hands of attackers, Facebook has used their support page to offer some advice on avoiding phishing schemes. This is a good move from Facebook, but it doesn’t make up for the grievous level of the data breach and the users it has left vulnerable to tailored phishing attacks now their data is out there.

Photo by Glen Carrie on Unsplash

The post How to guide: Check if your Facebook Account has been hacked? appeared first on Hack Ware News.

Google first discovered the bug in March 2018 and released a patch and a statement to say that there was no evidence of misuse or evidence of the vulnerability being exploited. However, Google felt that the effort involved in protecting user data on the social network outweighs the benefit of keeping the functionality running, when it hasn’t proven to be a very popular social network. They are set to close the consumer functionality of Google+ over a 10-month period.

After performing a code review of the Google+ APIs, they discovered a bug that could leak the personal information of Google+ account users. The bug allows a user to use installed apps to utilize the API and see personal information of that user’s friends. This personal information includes name, email address, occupation, gender and age.

Although Google has said they have seen no evidence the bug was exploited, it’s not possible for them to know if it has, or the extent, since they only keep two weeks of API logs for the Google+ service.

A report done by the Wall Street Journal stated that the bug existed between 2015 to March 2018 when it was patched. Google decided not to disclose the bug even though they weren’t sure it wasn’t exploited. The Wall Street Journal reported they have seen a memo by Google’s legal team advising not to disclose the data breach in case it attracts negative attention from government agencies around data protection.

A Google spokesperson has said they didn’t disclose the breach because it didn’t reach the necessary threshold to warrant informing users.

The post Google+ Shutting down after info from 500k Accounts is leaked appeared first on Hack Ware News.

Snapchat Hack – Giant Social Media Platform Source Code Leaked and Posted to GitHub

Snapchat Hack – Giant Social Media Platform Source Code Leaked and Posted to GitHub

It seems that the hacker obtained the source code back in May when Span Inc released iOS update. The repo on GitHub has a description”Source Code for SnapChat” and it is in Apple’s Objective-C. It could be that the repo contained full or partial source code ( no way to know for sure)  or even a partial project.

The post Snapchat Hack – Giant Social Media Platform Source Code Leaked and Posted to GitHub appeared first on Hack Ware News.