Yet again, if you have not followed in my footsteps in deleting your Facebook account, maybe you will now. Facebook is in the news again with hackers having published 81,000 users private messages and reportedly stolen details of 120 million user accounts. They are also offering to broker access to profiles for as little as 8p, (thats 10¢ USD for those of us in the states). A further 176,000 accounts displaying personal information was also released. Many of these profiles included information users may set public themselves such as emails and phone numbers.
BBC News asked cyber security firm Digital Shadows to verify the claims made by the malicious actors and confirmed more than 81,000 of profiles uploaded online, as a sample for the 120 million-strong database, contained private messages.
Facebook has told IT Pro that the data was most likley stoles as a result of a browser extensiont which FB has declined to identify.
"Based on our investigation so far, we believe this information was obtained through malicious browser extensions installed off of Facebook."
Facebook's vice president of product management Goy Rosen said.
"We have contacted browser makers to ensure that known malicious extensions are no longer available to download in their stores and to share information that could help identify additional extensions that may be related."
Facebook has also said that it began its investigation last month after becoming aware that a website was displaying information pertaining to user profiles, which they have tried to get the site taken down. Based on the information gathered, they don't believe any accounts have been directly compromised.
Overall, industry experts have cast doubt that 120 million figure, saying that it is unlikely Facebook would have missed such a large data breach.
said Thycotic's chief security scientist Joseph Carson."It is very unlikely that the cybercriminals have all the private message for 120 million accounts and if they do, then Facebook will be facing one of the biggest data breaches to date,"
"It is however, more likely that the published list of 81,000 accounts is all that the cybercriminals have, and they are looking to cause disruption and fear."
In a nutshell, what does this mean. Well, PM of 81,000 users have been shown along with 176,000 accounts having information shown. But, the figure of 120 million like the hackers have claimed is suspected to be over exaggerated. They have suspected that these 81,000 accounts had access through a large-scale password reuse attack. They also don't believe this is related in any way to the massive data breach in September.
Facebook is saying something slightly different and saying it was due to some malicious browser plugins, but fail to comment on which browser plugins they have found to be "malicious" towards them.
No matter what, this is not good timing for Facebook since they are already under investigation by the Irish Data Protection Commissions for potential violations of the EU's General Data Protection Regulations, (GDPR).
Overall, for your protection, I wouldn't use your browser's cookies to store your passwords for site or remember your passwords, but use something a lot more secure like
Please login to see this link Get registered or Log in |