#THE ONLY FACEBOOK ACCOUNT HACKER HAY FULL#
"We're just starting to work through the full scope of what we've seen here," said Rosen. It remains to be seen whether that's the case for 50 million-or 90 million-Facebook users. "You don't want a situation where there's one breach and your entire online identity is gone," White says. But just like you want your passwords to be unique so compromising one doesn't expose them all, account diversity is also vital online no matter how ironclad a particular sign-in scheme is. Sticking with one more secure sign-in does make sense, especially for use on sites that don't have the resources or inclination to invest heavily in security development. "But the downside is if a Single Sign-on gets breached you're hosed." "Single Sign-on schemes are great in the sense that the federal reserve cash vault in Atlanta is dramatically more secure than the safe at a local credit union," says Kenn White, director of the Open Crypto Audit Project. The debacle also underscores broader concerns about Single Sign-On, which Friday turned into the ultimate object lesson in the inherent tradeoffs between security and convenience. This does mean they could access other third-party apps using Facebook login."įacebook already faces legal challenges as a result of the disclosure Facebook users Carla Echavarrai and Derrick Walker have filed a class action suit in California "It is shocking that after all the publicity surrounding Facebook's handling of personal information in the wake of Cambridge Analytica and its promises to do better by its users that Facebook has yet again failed to protect consumers' information from hackers," said their attorney, John Yanchunis, in a statement. "The access token enables someone to use the account as if they were the account holder themselves. But the second revelation Friday indicates that the fallout may be far more widespread than initially indicated. It also hit pause on the “View As” feature.
#THE ONLY FACEBOOK ACCOUNT HACKER HAY PASSWORD#
After countless attempts, these will allow us to retrieve the correct password for the targeted account provided, of course, that the account password is. A video upload tool-intended to enable “Happy Birthday” videos-would erroneously appear on the “View As” page, and provide the access token of whomever the hacker searched for.įacebook initially responded by logging out both the 50 million people it knows were affected by the attack, and an additional 40 million who were looked up with the “View As” tool in the last year. The flaws detected on the Facebook site, allows the hacking algorithms to make a considerable number of attempts for the same Facebook account, which in hacker jargon is called brute force. You can read a fuller accounting of the hack here, but essentially it combines three bugs relating to Facebook’s “View As” feature, which lets users see what their profiles look like when other people view them. If your account was impacted it means that a hacker could have accessed any account that you log into using Facebook. What it failed to mention initially, but revealed in a followup call Friday afternoon, is that the flaw affects more than just Facebook.
On Friday, Facebook revealed that it had suffered a security breach that impacted at least 50 million of its users, and possibly as many as 90 million.
0 kommentar(er)
