
The Hacker News - Cybersecurity News and Analysis: Facebook security

Facebook admits public data of its 2.2 billion users has been compromised


April 05, 2018 | Mohit Kumar
Facebook dropped another bombshell on its users by admitting that all of its 2.2 billion users should assume malicious third-party scrapers have compromised their public profile information. On Wednesday, Facebook CEO Mark Zuckerberg revealed that "malicious actors" took advantage of "Search" tools on its platform to discover the identities and collect information on most of its 2 billion users worldwide. The revelation once again underlines the failure of the social-media giant to protect users' privacy while generating billions of dollars in revenue from the same information. The revelation came weeks after the disclosure of the Cambridge Analytica scandal, wherein personal data of 77 million users was improperly gathered and misused by the political consultancy firm, which reportedly also helped Donald Trump win the US presidency in 2016. However, the latest scam revealed by the social media giant about the abuse of Facebook's search tools over the
Facebook Collected Your Android Call History and SMS Data For Years


March 25, 2018 | Swati Khandelwal
Facebook knows a lot about you, your likes and dislikes—it's no surprise. But did you know that if you have installed the Facebook Messenger app on your Android device, there are chances that the company had been collecting your contacts, SMS, and call history data at least until late last year? A tweet from Dylan McKay, a New Zealand-based programmer, which received more than 38,000 retweets (at the time of writing), showed how he found his year-old data—including complete logs of incoming and outgoing calls and SMS messages—in an archive he downloaded (as a ZIP file) from Facebook. Facebook had been collecting this data on its users for the last few years, which was even reported earlier in the media, but the story did not get much attention at that time. Since Facebook had been embroiled in controversies over its data sharing practices after the Cambridge Analytica scandal last week, tweets from McKay went viral and have now fueled the never-ending privacy debate. A Facebook spokespe
Facebook and Cambridge Analytica – What's Happened So Far


March 23, 2018 | Swati Khandelwal
Top Story—Facebook has just lost over $60 billion in market value over the past two days—that's more than Tesla's entire market capitalisation and almost three times that of Snapchat. Facebook shares plunge over revelations that personal data of 50 million users was obtained and misused by British data analytics firm 'Cambridge Analytica,' which reportedly helped Donald Trump win the US presidency in 2016. The privacy scandal that rocked the social media giant was revealed earlier this week when Chris Wylie, the 28-year-old data scientist who worked with a Cambridge University academic, turned into a whistleblower and leaked to the newspapers how poorly Facebook handles people's private information. Wylie claims Cambridge Analytica created "Steve Bannon's psychological warfare mindf**k tool" that profiles citizens to predict their voting patterns based on the personal information gathered from a variety of sources and then helps political
Wait, Do You Really Think That’s A YouTube URL? Spoofing Links On Facebook


October 30, 2017 | Mohit Kumar
While scrolling on Facebook, how do you decide which link or article should be clicked or opened? Facebook timeline and Messenger display the title, description, thumbnail image and URL of every shared link, and this information is enough to decide if the content is of interest to you or not. Since Facebook is full of spam, clickbait and fake news articles these days, most users do not click every second link served to them. But yes, the possibility of opening an article is much higher when the content of your interest comes from a legitimate and authoritative website, like YouTube or Instagram. However, what if a link shared from a legitimate website lands you into trouble? Even before links shared on Facebook could not be edited, but to stop the spread of misinformation and false news, the social media giant also removed the ability for Pages to edit title, description, thumbnail image of a link in July 2017. However, it turns out that spammers can spoof URLs of the shared-links t
Facebook slapped with $1.43 million fine for violating users' privacy in Spain


September 11, 2017 | Wang Wei
Facebook is once again in trouble regarding its users' privacy. The social media giant has recently been heavily fined once again for a series of privacy violations in Spain. Recently, Google also incurred a record-breaking fine of $2.7 billion (€2.42 billion) by the European antitrust officials for unfairly manipulating search results since at least 2008. Now, the Spanish Data Protection Agency (AEPD) has issued a €1.2 Million (nearly $1.4 Million) fine against Facebook for breaching laws designed to protect its people's information and confidentiality. According to the data protection watchdog, the social network collects its users' personal data without their 'unequivocal consent' and makes a profit by sharing the data with advertisers and marketers. The AEPD also found Facebook collects sensitive data on users' ideology, religious beliefs, sex and personal tastes and navigation—either directly from its own services or through third parties—w
Facebook Unveils 'Delegated Recovery' to Replace Traditional Password Recovery Methods


January 31, 2017 | Mohit Kumar
How do you reset the password for your Facebook account if your primary email account also gets hacked? Using an SMS-based security code or maybe answering the security questions? Well, it's 2017, and we are still forced to depend on insecure and unreliable password reset schemes like email-based or SMS code verification processes. But these traditional access recovery mechanisms aren't safe enough to protect all our other online accounts linked to an email account. Yahoo Mail can be used as an excellent example. Once hackers have access to your Yahoo account, they can also get into any of your other online accounts linked to the same email just by clicking the link that says, "Forgot your password?" Fortunately, Facebook has a tool that aims to fix this process, helping you recover access to all your other online accounts securely. At the Enigma Conference in Oakland, California on Monday, Facebook launched an account recovery feature for other websites
Facebook Adds FIDO U2F Security Keys Feature For Secure Logins


January 27, 2017 | Mohit Kumar
Hacking the password for a Facebook account is not easy, but also not impossible. We have always been advising you to enable two-factor authentication — or 2FA — to secure your online accounts, a process that requires users to manually enter a secret code, typically six digits, generated by an authenticator app or received via SMS or email. So even if somehow hackers steal your login credentials, they would not be able to access your account without the one-time password sent to you. But, Are SMS-based one-time passwords Secure? The US National Institute of Standards and Technology (NIST) is also no longer recommending SMS-based two-factor authentication systems, and it's not a reliable solution mainly because of two reasons: users outside the network coverage can face issues; and there is a growing number of sophisticated attacks against OTP schemes. So, to beef up the security of your account, Facebook now supports FIDO-compliant Universal 2nd Factor Authentication (U2F), which allows users to log into
Beware! Malicious JPG Images on Facebook Messenger Spreading Locky Ransomware


November 25, 2016 | Swati Khandelwal
If you receive an image file sent by someone, even your friend, on your Facebook Messenger, LinkedIn or any other social media platform, just DO NOT CLICK ON IT. Even a JPG image file could eventually infect your computer with the infamous Locky Ransomware. Earlier this week, we reported a new attack campaign that used Facebook Messenger to spread Locky Ransomware via .SVG image files, although Facebook denied this was the case. Now, researchers have discovered that the ongoing spam campaign is also using boobytrapped .JPG image files in order to download and infect users with the Locky Ransomware via Facebook, LinkedIn, and other social networking platforms. Security researchers from Israeli security firm Check Point have reportedly discovered how cyber criminals are hiding malware in image files, and how they are executing the malware code within these images to infect social media users with Locky variants. According to researchers, malware authors have discovered secu
Facebook Buys Leaked Passwords From Black Market, But Do You Know Why?


November 10, 2016 | Mohit Kumar
Facebook is reportedly buying stolen passwords that hackers are selling on the underground black market in an effort to keep its users' accounts safe. On the one hand, we just came to know that Yahoo did not inform its users of the recently disclosed major 2014 hacking incident that exposed half a billion user accounts even after being aware of the hack in 2014. On the other hand, Facebook takes every single measure to protect its users' security even after the company managed to avoid any kind of security scandal, data breach or hacks that have recently affected top-notch companies. Speaking at the Web Summit 2016 technology conference in Portugal, Facebook CSO Alex Stamos said that over 1.3 billion people use Facebook every day, and keeping them secure is building attack-proof software to keep out hackers, but keeping them safe is actually a huge task. Stamos said there is a difference between 'security' and 'safety,' as he believes that his team
Facebook releases Osquery Security Tool for Windows


September 27, 2016 | Swati Khandelwal
OSquery, an open-source framework created by Facebook that allows organizations to look for potential malware or malicious activity on their networks, was available for Mac OS X and Linux environments until today. But now the social network has announced that the company has developed a Windows version of its osquery tool, too. When Facebook engineers want to monitor thousands of Apple Mac laptops across their organization, they use their own untraditional security tool called OSquery. OSquery is a smart piece of cross-platform software that scans every single computer on an infrastructure and catalogs every aspect of it. Then SQL-based queries allow developers and security teams to monitor low-level functions in real-time and quickly search for malicious behavior and vulnerable applications on their infrastructure. In simple words, OSquery allows an organization to treat its infrastructure as a database, turning OS information into a format that can be queried using SQL
Hacker reveals How He Could have Hacked Multiple Facebook Accounts


August 27, 2016 | Swati Khandelwal
How to Hack a Facebook Account? That's possibly the most frequently asked question on the Internet today. Though the solution is hard to find, a white hat hacker has just proven how easy it is to hack multiple Facebook accounts with some basic computer skills. Your Facebook account can be hacked, no matter how strong your password is or how many extra security measures you have taken. No joke! Gurkirat Singh from California recently discovered a loophole in Facebook's password reset mechanism that could have given hackers complete access to the victim's Facebook account, allowing them to view message conversations and payment card details, post anything and do whatever the real account holder can. The attack vector is simple, though the execution is quite difficult. The issue, Gurkirat (@GurkiratSpeca) says, actually resides in the way Facebook allows you to reset your password. The social network uses an algorithm that generates a random 6-digit passcode ‒
I'm Warning You, Don't Read this Article. It's a Federal Crime!


July 14, 2016 | Swati Khandelwal
Yes, you heard it right. If I tell you not to visit my website, but you still visit it knowing you are disapproved, you are committing a federal crime, and I have the authority to sue you. Wait! I haven't disapproved you yet. Rather I'm making you aware of a new court decision that may trouble you and could have big implications going forward. The United States Court of Appeals for the Ninth Circuit has taken a critical decision on the Computer Fraud and Abuse Act (CFAA): Companies can seek civil and criminal penalties against people who access or visit their websites without their permission. Even Sharing Password is also a Federal Crime... Yes, a similar weird decision was taken last week when the Ninth Circuit Court of Appeals ruled that sharing passwords can be a violation of the CFAA, making millions of people who share their passwords "unwitting federal criminals." Now, you might be wondering how visiting a publicly open website could be a crime. We
STOP Sharing that Facebook Privacy and Permission Notice, It's a HOAX


June 28, 2016 | Swati Khandelwal
Recently, you may have seen some of your Facebook friends start posting a Facebook "Privacy Notice" clarifying that they no longer give Facebook permission to use their photos, personal information, and so on. The Privacy message looks something like this: "From Monday, 27th June, 2016, 1528 IST, I don't give Facebook permission to use my pictures, my information or my publications, both of the past and the future, mine or those where I show up. By this statement, I give my notice to Facebook it is strictly forbidden to disclose, copy, distribute, give, sell my information, photos or take any other action against me on the basis of this profile and/or its contents. The content of this profile is private and confidential information. The violation of privacy can be punished by law (UCC 1-308-1 1 308-103 and the Rome statute). Note: Facebook is now a public entity. All members must post a note like this. If you prefer, you can copy and paste this version.
Ever Wondered How Facebook Decides — How much Bounty Should be Paid?


March 18, 2016 | Mohit Kumar
Facebook pays millions of dollars every year to researchers and white hat hackers from all around the world to stamp out security holes in its products and infrastructure under its Bug Bounty Program. Facebook recognizes and rewards bug hunters to encourage more people to help the company keep Facebook users safe and secure from outside entities, malicious hackers or others. Recently, the social media giant revealed that India is on top of all countries to report the maximum number of vulnerabilities or security holes in the Facebook platform as well as holds the top position in the country receiving the most bug bounties paid. "India is home to the largest population of security researchers participating in the Facebook bug bounty program since its inception in 2011. The country also holds the top spot for most bounties paid," Adam Ruddermann, Facebook's technical program manager, notes. If you are one of Facebook's bug hunters, you might be aware of the fact t
Hacker Reveals How to Hack Any Facebook Account


March 08, 2016 | Swati Khandelwal
Hacking a Facebook account is one of the major queries of Internet users today. It's hard to find out how to hack a Facebook account, but an Indian hacker just did it. A security researcher discovered a 'simple vulnerability' in the social network that allowed him to easily hack into any Facebook account, view message conversations, post anything, view payment card details and do whatever the real account holder can. Facebook bounty hunter Anand Prakash from India recently discovered a Password Reset Vulnerability, a simple yet critical vulnerability that could have given an attacker endless opportunities to brute force a 6-digit code and reset any account's password. Here's How the Flaw Works: The vulnerability actually resides in the way Facebook's beta domains handle 'Forgot Password' requests. Facebook lets users change their account password through Password Reset procedure by confirming their Facebook account with a 6-digit c
France Orders Facebook To Stop Tracking Non-Users or Face Fines


February 09, 2016 | Unknown
8th February 2016 would be considered a cursed day in the history of Facebook. You might know that just yesterday India banned Facebook's Free Basic Internet in the country. Now, Zuckerberg has got another bombshell in the form of a French Order from the European Data Protection Authority, who ordered Facebook to stop tracking non-users' online activity and to stop transfers of personal data to the US servers. Facebook Is Following You Everywhere: Do you know that Facebook can still track you, even if you log out, with the help of its tracking cookies and plugins (like, share buttons) placed on any 3rd-party website? Facebook knows what sites you are visiting, and by "you," I mean specifically your account, not an anonymous Facebook user. As per the French Order, Facebook is not legally permitted to track the web browsing habits of all European citizens, even those without a Facebook account. The French Government had also provided a tim
Facebook Will Now Notify You If NSA is Spying on You


October 19, 2015 | Swati Khandelwal
Facebook just launched a new notification feature that will alert you if the social network strongly suspects that your account is being hijacked or targeted by hackers working in the interest of a nation-state. The message, which you can see below, recommends that users turn ON "Login Approvals," so that their Facebook accounts can only be accessed using stronger two-factor authentication. Facebook insists that some necessary steps are already taken to secure users' Facebook accounts that may be targeted by hackers, but the company has also stepped up to directly warn its users when a government-sponsored attack is under way. In a blog post published Saturday, Facebook Chief Security Officer (CSO) Alex Stamos announced that this step to secure accounts is necessary "because these types of attacks tend to be more advanced and dangerous than others." Stamos added that "it's important to understand that this warning is not related t
Here's What Facebook 'Dislike or Empathy Button' Would Look Like


September 22, 2015 | Mohit Kumar
A Facebook Dislike button has been one of the most frequently requested features from users for years. Earlier in the last week, Facebook finally confirmed its plans to add a Dislike or Empathy button to your Facebook Profile and News Feed. If you are thinking that Facebook Dislike is going to be a thumbs-down button, then you are dead wrong. Why Not Thumbs-Down? Because: … The Dislike Concept will lead to more bad behavior than good — vitriol or bullying or worse. Facebook's founder Mark Zuckerberg says, "We didn't want to just build a Dislike button because we don't want to turn Facebook into a forum where people are voting up or down on people's posts." So what will this Dislike or Empathy button look like? Instead of a simple thumbs down to express disapproval or pity, it could be as simple as Emojis. Yes, Emoji reaction (Emoticons) Faces. A 'two-year-old' Patent filed by Facebook uncovered how the new feature might work. The Patent illustr
Change this Facebook Privacy Setting That Could Allow Hackers to Steal Your Identity


August 13, 2015 | Khyati Jain
Facebook User: Who Can Find Me...? Hacker: Yes, I CAN!! A Security Researcher claimed "digi-crims could easily scan the population of an entire country to find targets". Reza Moaiandin, technical director at Salt Agency, has figured out a way to exploit an important Facebook feature to gather personal data belonging to the users. Facebook Privacy Setting That Makes Your Identity Vulnerable: If you pay attention to the security settings in your Facebook profile, you will find a privacy setting that says 'Who can look me up?', or "Who can look you up using the phone number you provided?" which has been set to 'Everyone' by default. This configuration allows you to search for anyone just by entering his or her phone number; as a result, the search box in Facebook will display the profile of that person. But can you imagine how cybercriminals can take advantage of this crucial privacy blunder? By exploiting this default feature with a sim