Facebook’s security protocols are once again under fire following a new security breach that affected over 50 million users.
On Friday, September 28th, the social media giant announced that hackers had exploited a website feature that allowed the bad actors to log-in and access users’ data. The attackers exploited code associated with the “view as” function, granting them to steal users’ “access tokens” – the feature which allows users to forgo the password process on each new session.
The vulnerability apparently came from a 2017 change centered around the feature allowing users to upload “Happy Birthday” videos. Due to a bug in the platform’s code, users were occasionally prompted to upload the birthday videos when “viewing” a profile as another user. And due to yet another bug in the video tool, hackers were able to acquire the “access tokens” of those users.
In the announcement, Facebook noted the company had discovered the vulnerability earlier in the week and stressed that the FBI and the Irish Data Protection Commission had already been notified. And though the company has not yet identified how much data was stolen or who was behind the hack, it has rolled out a fix and temporarily disabled the feature from which the vulnerability stemmed.
CEO Mark Zuckerberg explained, "This is a really serious security issue," adding "This underscores there are just constant attacks from people who are trying to take over accounts and steal information from our community. This is going to be an ongoing effort."
Did Facebook Censor Articles About The Hack?
If the hack wasn’t bad enough, it was reported that pieces covering the incident from the Associated Press and The Guardian were apparently being censored by Facebook. Related: The New NAFTA Ends American Trade Drama
Though it’s important to note that not allow users were experiencing the same problem, and not all stories were being blocked, it did spark a wave of cover-up theories within the Twittersphere.
Though many speculate that the issue stemmed from anti-spam measures, it is surprising that highly-regarded news platforms such as AP or The Guardian would be marked as spam. And it raises concerns about how the spam-filter functions.
Facebook quickly acknowledged the issue, stating: "We fixed the issue as soon as we were made aware of it, and people should be able to share both articles.”
The anti-spam filters were put in place to prevent bots or bad actors from spreading ‘fake news’ from shady organizations, but this incident highlights a need to revisit the protocols in place.
Are Users Becoming Desensitized?
In 2018, data breaches have become a way of life. In August alone, over 215 million records were compromised, according to IT Governance, and that’s just one month.
It’s become easy to say “oh, I’m probably ok” or “whatever, my data is probably already out there.” But it speaks to a greater problem occurring on the web.
Giant companies are being entrusted with incredibly valuable data, and if they are not exploiting it themselves, they are often falling short in protecting it. At the same time, tech-inept governments are struggling to even comprehend the problem and users are becoming more apathetic by the day.
It’s been said that data is “the new oil,” but if that’s the case, why aren’t we acting like it? The trillion-dollar data business is still largely unregulated. Data cartels are free from real consequences, and it’s likely that even this latest Facebook breach will be swept under the rug yet again.
The rise of cryptocurrency and blockchain technology has led to a sort of revolution in cybersecurity. Developers and decentralization-enthusiasts are now working together to create alternatives to current financial, retail and social media platforms.
The new wave of decentralized applications promises users more control over their data and greater security, but adoption is still lagging. While platforms such as Steemit or Mastodon have received a lot of attention, it’s not likely that Facebook is heading towards extinction anytime soon.
Like the big banks following the financial collapse of 2008, it seems the data cartels have become “too big to fail.” And that’s a problem.
By Michael Kern via Crypto Insider
More Top Reads From Safehaven.com: