Well, two big things happened this week with Facebook. Facebook has confirmed that it uses phone numbers that users provided for security purposes, specifically for 2FA (two-factor authentication, a security technique that adds a second layer of authentication to help keep accounts secure), to also target them with ads. Facebook also had a security breach, with up to 50m accounts attacked.
I will start with the data breach. The breach was discovered on Tuesday; attackers were able to exploit a vulnerability in a feature known as "View As" to gain control of accounts. Users that were affected were prompted to log in again on Friday. This security flaw has been addressed and fixed, says the firm's VP of product management, Guy Rosen, who also stated that all affected accounts have been reset, as well as another 40 million accounts "as a precautionary step".
Who was affected?
Facebook would not say where in the world the 50 million users are, but it has informed data regulators in Ireland, where Facebook's European subsidiary is based. The company said that the users prompted to log in again did not have to change their passwords.
"Since we’ve only just started our investigation, we have yet to determine whether these accounts were misused or any information accessed. We also don’t know who’s behind these attacks or where they’re based."
He added: "People’s privacy and security is incredibly important, and we’re sorry this happened."
The company has confirmed that Facebook founder Mark Zuckerberg and its chief operating officer Sheryl Sandberg were among the 50 million accounts affected.
Facebook is also in the news for its misuse of people's phone numbers that were provided for better security.
For those of you who are unsure of what 2FA is:
2FA is an extra layer of security used to make sure that people trying to gain access to an online account are who they say they are. First, a user will enter their username and a password. Then, instead of immediately gaining access, they will be required to provide another piece of information. This second factor could come from one of the following categories:
- Something you know: This could be a personal identification number (PIN), a password, answers to “secret questions” or a specific keystroke pattern.
- Something you have: Typically, a user would have something in their possession, like a credit card, a smartphone, or a small hardware token.
- Something you are: This category is a little more advanced, and might include the biometric pattern of a fingerprint, an iris scan, or a voice print.
With 2FA, a potential compromise of just one of these factors won’t unlock the account. So, even if your password is stolen or your phone is lost, it is highly unlikely that someone else will have your second-factor information. Looking at it from another angle, if a consumer uses 2FA correctly, websites and apps can be more confident of the user’s identity, and unlock the account.
Facebook's confession on this comes after a story
A while back, Facebook did say that it was a bug that users were getting spammed with FB notifications to provide a number for 2FA. “The last thing we want is for people to avoid helpful security features because they fear they will receive unrelated notifications,” Facebook's then-CSO, Alex Stamos, wrote in a blog post at the time.
It seems that when he stated that, he failed to mention the rather pertinent additional side detail that it's using those numbers for ad targeting. It seems that they are willing to sell everything they gather from you for money, finding any way they can to squeeze $$$ by exploiting you. Overall, they say you can opt out at any time just by not using 2FA, so that leaves you with 2 options: be safe, or get spammed with ads.
My thoughts on this.
Well, after the last major f-up where they were just giving away millions of users' information without permission, I lost all trust in the company. The thought of repurposing phone numbers that were provided by users specifically for 2FA, and using them to target for advertising, is morally disgusting. As a web dev myself, I would never do anything like this and it is absolutely disgusting.
Personally, I am seeing that Facebook and Mark Zuckerberg have no ethics, and the acts that they have been doing are comparable to what a criminal enterprise would do. I personally like to warn people that you should be careful what you post on FB, or any type of social media, meaning, don't give out information like when or where you're going to be, or when nobody's home (like you and the family going on a trip), etc.
I know that's common sense stuff, but, unfortunately, there are a lot of you out there that just don't realize that you're doing it, and criminals will take full advantage of your arrogance/ignorance of the subject or the fact that you're doing it. So overall, what I am saying is, be safe.