The Hacker News Logo
Subscribe to Newsletter

The Hacker News — Cyber Security and Hacking News Website: Facebook

Use This Privacy Tool to View and Clear Your 'Off-Facebook Activity' Data

Use This Privacy Tool to View and Clear Your 'Off-Facebook Activity' Data

August 20, 2019Swati Khandelwal
Well, here we have great news for Facebook users, which is otherwise terrible for marketers and publishers whose businesses rely on Facebook advertisement for re-targeted conversations. Following the Cambridge Analytica scandal , Facebook has taken several privacy measures in the past one year with an aim to give its users more control over their data and transparency about how the social media giant and other apps on its platform use that data. Now in its new effort, Facebook has launched a new privacy feature that allows its users to control data that the social media platform receives from other apps and websites about their online activity. Dubbed " Off-Facebook Activity ," the feature was initially announced by Facebook CEO Mark Zuckerberg last year as "Clear History," allowing users to clear the data that third-party websites and apps share with Facebook. "Off-Facebook Activity lets you see a summary of the apps and websites that send us infor
Facebook Sues Two Android App Developers for Click Injection Fraud

Facebook Sues Two Android App Developers for Click Injection Fraud

August 08, 2019Mohit Kumar
Facebook has filed a lawsuit against two shady Android app developers accused of making illegal money by hijacking users' smartphones to fraudulently click on Facebook ads. According to Facebook, Hong Kong-based 'LionMobi' and Singapore-based 'JediMobi' app developers were distributing malicious Android apps via the official Google Play Store that exploit a technique known as "click injection fraud." Click injection is a type of attribution fraud where fraudsters manipulate the attributions to steal the credit from the actual source of app installation in an advertising process that involves Cost Per Installation model. In simple words, a malicious app installed on a device automatically generates a fake click to the advertisement network with its own tracking codes when it finds that the user is installing a new app from any other source to claim itself as the source of the installation. Therefore, Advertisers end up paying commission to the wro
Viral FaceApp Unnecessarily Requests Access to Users' Facebook Friends List

Viral FaceApp Unnecessarily Requests Access to Users' Facebook Friends List

July 29, 2019Mohit Kumar
FaceApp—the AI-powered photo-morphing app that recently gone viral for its age filter but hit the headlines for its controversial privacy policy—has been found collecting the list of your Facebook friends for no reason. The Russian-made FaceApp has been around since the spring of 2017 but taken social media by storm over the course of the past few weeks as millions of people downloaded the app to see how they would look when they are older or younger, or swap genders. The app also contains a feature that allows users to download and edit photos from their Facebook accounts, which only works when a user enables FaceApp to access the social media account via the 'Login with Facebook' option. As you can see in the screenshot above, besides requesting for access to your basic profile information and photos, FaceApp also fetches the list of your Facebook friends "who also use and have shared their friends' lists with FaceApp." Have you yet asked yourself why
This Flaw Could Have Allowed Hackers to Hack Any Instagram Account Within 10 Minutes

This Flaw Could Have Allowed Hackers to Hack Any Instagram Account Within 10 Minutes

July 15, 2019Mohit Kumar
Watch out! Facebook-owned photo-sharing service has recently patched a critical vulnerability that could have allowed hackers to compromise any Instagram account without requiring any interaction from the targeted users. Instagram is growing quickly—and with the most popular social media network in the world after Facebook, the photo-sharing network absolutely dominates when it comes to user engagement and interactions. Despite having advanced security mechanisms in place, bigger platforms like Facebook, Google, LinkedIn, and Instagram are not completely immune to hackers and contain severe vulnerabilities. Some vulnerabilities have recently been patched , some are still under the process of being fixed, and many others most likely do exist, but haven't been found just yet. Details of one such critical vulnerability in Instagram surfaced today on the Internet that could have allowed a remote attacker to reset the password for any Instagram account and take complete contr
Facebook to Pay $5 Billion Fine to Settle FTC Privacy Investigation

Facebook to Pay $5 Billion Fine to Settle FTC Privacy Investigation

July 13, 2019Swati Khandelwal
After months of negotiations, the United States Federal Trade Commission (FTC) has approved a record $5 billion settlement with Facebook over its privacy investigation into the Cambridge Analytica scandal . The settlement will put an end to a wide-ranging probe that began more than a year ago and centers around the violation of a 2011 agreement Facebook made with the FTC that required Facebook to gain explicit consent from users to share their personal data. The FTC launched an investigation into the social media giant last year after it was revealed that the company allowed Cambridge Analytica access to the personal data of around  87 million Facebook users without their explicit consent. Now, according to a new report published by the Wall Street Journal, the FTC commissioners this week finally voted to approve a $5 billion settlement, with three Republicans voting to approve the deal and two Democrats against it. Facebook anticipated the fine to between $3 billion and
Hackers Used WhatsApp 0-Day Flaw to Secretly Install Spyware On Phones

Hackers Used WhatsApp 0-Day Flaw to Secretly Install Spyware On Phones

May 14, 2019Swati Khandelwal
Whatsapp has recently patched a severe vulnerability that was being exploited by attackers to remotely install surveillance malware on a few "selected" smartphones by simply calling the targeted phone numbers over Whatsapp audio call. Discovered, weaponized and then sold by the Israeli company NSO Group that produces the most advanced mobile spyware on the planet, the WhatsApp exploit installs Pegasus spyware on to Android and iOS devices. According to an advisory published by Facebook, a buffer overflow vulnerability in WhatsApp VOIP stack allows remote attackers to execute arbitrary code on target phones by sending a specially crafted series of SRTCP packets. Apparently, the vulnerability, identified as CVE-2019-3568 , can successfully be exploited to install the spyware and steal data from a targeted Android phone or iPhone by merely placing a WhatsApp call, even when the call is not answered. Also, the victim would not be able to find out about the intrusion af
New York, Canada, Ireland Launch New Investigations Into Facebook Privacy Breaches

New York, Canada, Ireland Launch New Investigations Into Facebook Privacy Breaches

April 27, 2019Swati Khandelwal
Facebook has a lot of problems, then there are a lot of problems for Facebook—and both are not going to end anytime sooner. Though Facebook has already set aside $5 billion from its revenue to cover a possible fine the company is expecting as a result of an FTC investigation over privacy violations, it seems to be just first installment of what Facebook has to pay for continuously ignoring users' privacy. This week, Facebook has been hit with three new separate investigations from various governmental authorities—both in the United States and abroad—over the company's mishandling of its users' data . New York Attorney General to Investigate Facebook Email Collection Scandal New York Attorney General is opening an investigation into Facebook's unauthorized collection of the email contacts of more than 1.5 million users during site registration without their permission. Earlier this month, Facebook was caught practicing the worst ever user-verification mechanism
Facebook Could Be Fined Up To $5 Billion Over Privacy Violations

Facebook Could Be Fined Up To $5 Billion Over Privacy Violations

April 25, 2019Mohit Kumar
Facebook expects to face a massive fine of up to $5 billion from the Federal Trade Commission (FTC) as the result of an investigation into its privacy policies—that's about one month's revenue for the social media giant. To be clear the amount of fine is not what the FTC has announced or hinted yet; instead, it's an estimated due that Facebook disclosed on Wednesday in its first quarter 2019 financial earnings report. In its earnings report, Facebook said the company had set $3 billion aside in anticipation of the settlement with the FTC, who launched a probe into Facebook following the Cambridge Analytica scandal . The probe centers around the violation of a 2011 agreement Facebook made with the FTC that required the social media to gain explicit consent from users to share their data. The FTC launched an investigation into Facebook last year after it was revealed that the company allowed Cambridge Analytica access to the personal data of around 50 million Face
Facebook Stored Millions of Instagram Users' Passwords in Plaintext

Facebook Stored Millions of Instagram Users' Passwords in Plaintext

April 18, 2019Swati Khandelwal
Facebook late last month revealed that the social media company mistakenly stored passwords for "hundreds of millions" of Facebook users in plaintext, including "tens of thousands" passwords of its Instagram users as well. Now it appears that the incident is far worse than first reported. Facebook today quietly updated its March press release, adding that the actual number of affected Instagram users were not in hundreds of thousands but millions. These plaintext passwords for millions of Instagram users, along with millions of Facebook users, were accessible to some of the Facebook engineers, who according to the company, did not abuse it. According to the updated post, Facebook discovered "additional logs of Instagram passwords" stored in a readable format, but added that its investigation revealed that the stored passwords were never "abused or improperly accessed" by any of its employees. Here's the full updated statement p
Facebook Collected Contacts from 1.5 Million Email Accounts Without Users' Permission

Facebook Collected Contacts from 1.5 Million Email Accounts Without Users' Permission

April 18, 2019Swati Khandelwal
Not a week goes without a new Facebook blunder. Remember the most recent revelation of Facebook being caught asking users new to the social network platform for their email account passwords to verify their identity? At the time, it was suspected that Facebook might be using access to users' email accounts to unauthorizedly and secretly gather a copy of their saved contacts. Now it turns out that the collection of email contacts was true, Facebook finally admits. In a statement released on Wednesday, Facebook said the social media company "unintentionally" uploaded email contacts from up to 1.5 million new users on its servers, without their consent or knowledge, since May 2016. In other words, nearly 1.5 million users had shared passwords for their email accounts with Facebook as part of its dubious verification process. A Facebook spokesperson shared information with Business Insider that the company was using harvested data to "build Facebook'
Russia Fines Facebook $47 Over Citizens' Data Privacy Dispute

Russia Fines Facebook $47 Over Citizens' Data Privacy Dispute

April 12, 2019Wang Wei
Yes, you read that right! Russia has fined Facebook with 3,000 rubles, roughly $47, for not complying with the country's controversial Data Localization law. It's bizarre and unbelievable, but true. In December last year, Russian Internet watchdog Roskomnadzor sent notifications to Twitter and Facebook asking them to provide information about the location of servers that store the personal data of its citizens. Roskomnadzor – also known as the Federal Service for Supervision in the Sphere of Telecom, Information Technologies, and Mass Communications – is Russian telecommunications watchdog that runs a huge blacklist of websites banned in Russia. Though the social media platforms had one month to reply, they choose not to disclose this information, as a result of which Moscow's Tagansky District Court imposed 3,000 rubles fine on Twitter last week and the same on Facebook today. The fine is the minimum that Russian courts can impose on companies for violatin
540 Million Facebook User Records Found On Unprotected Amazon Servers

540 Million Facebook User Records Found On Unprotected Amazon Servers

April 03, 2019Mohit Kumar
It's been a bad week for Facebook users. First, the social media company was caught asking some of its new users to share passwords for their registered email accounts and now… ...the bad week gets worse with a new privacy breach. More than half a billion records of millions of Facebook users have been found exposed on unprotected Amazon cloud servers. The exposed datasets do not directly come from Facebook; instead, they were collected and unsecurely stored online by third-party Facebook app developers. Researchers at the cybersecurity firm UpGuard today revealed that they discovered two datasets—one from a Mexican media company called Cultura Colectiva and another from a Facebook-integrated app called "At the pool"—both left publicly accessible on the Internet. More than 146 GB of data collected by Cultura Colectiva contains over 540 million Facebook user records, including comments, likes, reactions, account names, Facebook user IDs, and more. The
Facebook Caught Asking Some Users Passwords for Their Email Accounts

Facebook Caught Asking Some Users Passwords for Their Email Accounts

April 03, 2019Swati Khandelwal
Facebook has been caught practicing the worst ever user-verification mechanism that could put the security of its users at risk. Generally, social media or any other online service asks users to confirm a secret code or a unique URL sent to the email address they provided for the account registration. However, Facebook has been found asking some newly-registered users to provide the social network with the passwords to their email accounts, which according to security experts is a terrible idea that could threaten privacy and security of its users. First noticed by Twitter account e-Sushi using the handle @originalesushi, Facebook has been prompting users to hand over their passwords for third-party email services, so that the company can "automatically" verify their email addresses. However, the prompt only appears for email accounts from certain email providers which Facebook considers to be suspicious. "Tested it myself registering 3 times with 3 differe
How to Stop Facebook App From Tracking Your Location In the Background

How to Stop Facebook App From Tracking Your Location In the Background

February 22, 2019Swati Khandelwal
Every app installed on your smartphone with permission to access location service "can" continually collect your real-time location secretly, even in the background when you do not use them. Do you know? — Installing the Facebook app on your Android and iOS smartphones automatically gives the social media company your rightful consent to collect the history of your precise location. If you are not aware, there is a setting called "Location History" in your Facebook app that comes enabled by default, allowing the company to track your every movement even when you are not using the social media app. So, every time you turn ON location service/GPS setting on your smartphone, let's say for using Uber app or Google Maps, Facebook starts tracking your location. Users can manually turn Facebook's Location History option OFF from the app settings to completely prevent Facebook from collecting your location data, even when the app is in use. However, unf
How to Delete Accidentally Sent Messages, Photos on Facebook Messenger

How to Delete Accidentally Sent Messages, Photos on Facebook Messenger

February 06, 2019Swati Khandelwal
Ever sent a message on Facebook Messenger then immediately regretted it, or an embarrassing text to your boss in the heat of the moment at late night, or maybe accidentally sent messages or photos to a wrong group chat? Of course, you have. We have all been through drunk texts and embarrassing photos many times that we later regret sending but are forced to live with our mistakes. Good news, Facebook is now giving us a way to erase our little embarrassments. After offering a similar feature to WhatsApp users two years ago, Facebook is now rolling out a long-promised option to delete text messages, photos, or videos inside its Messenger application starting from Tuesday, February 5. You Have 10 Minutes to Delete Sent Facebook Messages The unsend feature allows users to delete a message within 10 minutes of sending it, for both individual and group chats. Previously, Messenger offered the "delete" option that allowed users to only delete messages for them—but t
Facebook Paid Teens $20 to Install 'Research' App That Collects Private Data

Facebook Paid Teens $20 to Install 'Research' App That Collects Private Data

January 30, 2019Swati Khandelwal
If you are thinking that Facebook is sitting quietly after being forced to remove its Onavo VPN app from Apple's App Store, then you are mistaken. It turns out that Facebook is paying teenagers around $20 a month to use its VPN app that aggressively monitors their smartphone and web activity and then sends it back to Facebook. The social media giant was previously caught collecting some of this data through Onavo Protect , a Virtual Private Network (VPN) service that it acquired in 2013. However, the company was forced to pull the app from the App Store in August 2018 after Apple found that Facebook was using the VPN service to track its user activity and data across multiple apps, which clearly violates its App Store guidelines on data collection. Onavo Protect became a data collection tool for Facebook helping the company track smartphone users' activities across multiple different apps to learn insights about how Facebook users use third-party apps. Facebook&#
New Facebook Bug Exposed 6.8 Million Users Photos to Third-Party Apps

New Facebook Bug Exposed 6.8 Million Users Photos to Third-Party Apps

December 14, 2018Mohit Kumar
Facebook's latest screw-up — a programming bug in Facebook website accidentally gave 1,500 third-party apps access to the unposted Facebook photos of as many as 6.8 million users. Facebook today quietly announced that it discovered a new API bug in its photo-sharing system that let 876 developers access users' private photos which they never shared on their timeline, including images uploaded to Marketplace or Facebook Stories. "When someone gives permission for an app to access their photos on Facebook, we usually only grant the app access to photos people share on their timeline. In this case, the bug potentially gave developers access to other photos, such as those shared on Marketplace or Facebook Stories," Facebook said. What's worse? The bug even exposed photos that people uploaded to Facebook but chose not to post or didn't finish posting it for some reason. The flaw left users' private data exposed for 12 days, between September 13th an
Get paid up to $40,000 for finding ways to hack Facebook or Instagram accounts

Get paid up to $40,000 for finding ways to hack Facebook or Instagram accounts

November 21, 2018Mohit Kumar
Here we have great news for all bug bounty hunters. Now you can get paid up to $40,000 for finding and responsibly reporting critical vulnerabilities in the websites and mobile applications owned by Facebook that could allow cyber attackers to take over user accounts. In the latest post published Tuesday on the Facebook page, the social networking giant announced that it has raised the monetary reward for account takeover vulnerabilities to encourage security researchers and bug bounty hunters in helping Facebook to fix high impact issues before nefarious hackers exploit them. The announcement says: Cybersecurity researchers who find security vulnerabilities in any products owned by Facebook , including Instagram , WhatsApp , and Oculus , that can lead to a full account takeover, including access tokens leakage or the ability to access users' valid sessions, will be rewarded an average bounty of: $40,000 reward—if user interaction is not required at all $25,000 reward—
Another Facebook Bug Could Have Exposed Your Private Information

Another Facebook Bug Could Have Exposed Your Private Information

November 13, 2018Swati Khandelwal
Another security vulnerability has been reported in Facebook that could have allowed attackers to obtain certain personal information about users and their friends, potentially putting the privacy of users of the world's most popular social network at risk. Discovered by cybersecurity researchers from Imperva, the vulnerability resides in the way Facebook search feature displays results for entered queries. According to Imperva researcher Ron Masas, the page that displays search results includes iFrame elements associated with each outcome, where the endpoint URLs of those iFrames did not have any protection mechanisms in place to protect against cross-site request forgery (CSRF) attacks. It should be noted that the newly reported vulnerability has already been patched, and unlike previously disclosed flaw in Facebook that exposed personal information of 30 million users , it did not allow attackers to extract information from mass accounts at once. How Does the Facebo
Facebook Fined £500,000 for Cambridge Analytica Data Scandal

Facebook Fined £500,000 for Cambridge Analytica Data Scandal

October 25, 2018Swati Khandelwal
Facebook has finally been slapped with its first fine of £500,000 for allowing political consultancy firm Cambridge Analytica to improperly gather and misuse data of 87 million users . The fine has been imposed by the UK's Information Commissioner's Office ( ICO ) and was calculated using the UK's old Data Protection Act 1998 which can levy a maximum penalty of £500,000 — ironically that’s equals to the amount Facebook earns every 18 minutes. The news does not come as a surprise as the U.K.'s data privacy watchdog already notified the social network giant in July this year that the commission was intended to issue the maximum fine. For those unaware, Facebook has been under scrutiny since earlier this year when it was revealed that the personal data of 87 million users was improperly gathered and misused by political consultancy firm Cambridge Analytica , who reportedly helped Donald Trump win the US presidency in 2016. The ICO, who launched an investigation
Exclusive Deals

Get Daily News Updates By Email

Join over 350,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.