“Hmm…”
“On the afternoon of Tuesday, September 25, our engineering team discovered a security issue affecting almost 50 million accounts. We’re taking this incredibly seriously and wanted to let everyone know what’s happened and the immediate action we’ve taken to protect people’s security.”
https://newsroom.fb.com/news/2018/09/security-update/
+++
Why should I care?
The hackers responsible for this attack took control of users’ access tokens.
With those tokens, the hackers could easily take full control of people's accounts on Facebook itself and could also use them to log into other sites and services that rely on the Facebook login system.
And there is now a rumor that the data of another 40 million on top of that might have been likewise compromised, bringing the total closer to 90 million.
+++
Can we learn anything from this?
Methinks that if you are considering adding plugins to your WordPress login page, allowing for an alternate login via Facebook, Amazon, et al., in future, this might be a warning that doing so may have consequences.
1 Comment
Jim Walker says
And then to make the situation even worse, there was a study recently demonstrating that for those folks who set up two-step authentication for Facebook some time back and were “required” to use their phone numbers to enable the setting–guess what?
Well, if you were one of those people, Facebook apparently gave this “shadow data”, your phone number, to advertisers soon after the Facebook authorization request was made…
Meaning that within a couple of weeks following the “securing” of your Facebook account, the phone number could have been and may still be used to target you for ads.
How about those pickles.