Phishing attacks occur when an attacker pretends to be a trusted entity, fooling you into opening a malicious email or message.
Back in September, Facebook revealed that as many as 50 million accounts may have been hacked, due to a “security issue.”
Attackers exploited a vulnerability in Facebook’s code that impacted the “View As” feature that lets people see what their own profile looks like to someone else.
According to Guy Rosen, Facebook’s VP of Product Management: “This allowed them to steal Facebook access tokens which they could then use to take over people’s accounts.
“Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app.”
While the issue has now been resolved, the problems may not end there, according to one expert; we may now also see a string of phishing attacks.
Oz Alashe, CEO of cyber security platform CybSafe, said: “Facebook is going by the book notifying authorities as soon as it detected this vulnerability, and it should be applauded for its quick action.
“However, with a security issue as high profile as this one, it’s likely that phishing attacks will swiftly follow urging recipients to change their Facebook passwords via an email and then directing them to a malicious phishing site.
“It’s important to be extra vigilant, to follow Facebook’s instructions on the site or app, but do not act on unsolicited emails unless you are able to verify the sender.”
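The advice above amounts to a concrete check: a genuine password-reset notice links back to the sender's own domain, whereas the phishing mail Alashe anticipates links somewhere else, often behind display text that looks like the real site. The script below, an added example that is not part of the article or of CybSafe's tooling, runs that check on a constructed sample message. The sample headers, the `account-verify.example` lookalike host and the two-label approximation of a registrable domain are all assumptions made for the illustration.

```python
"""Flag password-reset emails whose links lead away from the sender's domain.
Added example; the sample message is constructed and is not from the article."""
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: the From header claims facebook.com, but the first
# link's real target is a lookalike host (reserved .example TLD, hypothetical).
SAMPLE_EMAIL = """\
From: Facebook Security <security@facebook.com>
To: user@example.com
Subject: Action required: reset your password
Content-Type: text/html; charset=utf-8

<html><body>
<p>We detected a security issue. Please reset your password now:</p>
<a href="http://facebook.com.account-verify.example/reset">https://www.facebook.com/settings</a>
<p>Questions? Visit <a href="https://www.facebook.com/help">our help centre</a>.</p>
</body></html>
"""


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registered_domain(host):
    """Last two DNS labels, a crude stand-in for the registrable domain
    (assumption: no public-suffix list is consulted in this example)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def host_of(text):
    """Hostname of a URL-looking string, or None if it has no host."""
    parsed = urlparse(text if "://" in text else "http://" + text)
    return parsed.hostname


def analyse(raw_message):
    """Return a list of (finding, href) for links that do not belong to the
    sender's domain or whose visible text names a different host."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    sender_domain = registered_domain(msg["From"].addresses[0].domain)
    body = msg.get_body(preferencelist=("html",)).get_content()
    collector = _LinkCollector()
    collector.feed(body)
    findings = []
    for href, text in collector.links:
        link_host = host_of(href)
        if link_host is None:
            continue
        # The link's real target must sit under the claimed sender's domain.
        if registered_domain(link_host) != sender_domain:
            findings.append(("off-domain link", href))
        # Display text that looks like a URL must agree with the real target.
        text_host = host_of(text) if text.startswith(("http", "www.")) else None
        if text_host and registered_domain(text_host) != registered_domain(link_host):
            findings.append(("display text hides real target", href))
    return findings


if __name__ == "__main__":
    for finding, href in analyse(SAMPLE_EMAIL):
        print(f"{finding}: {href}")
```

The second link in the sample, which points back under the sender's own domain, produces no finding; the first produces two. A mail gateway or a user-side triage script would treat either finding as grounds to drop the message or route it for review rather than act on it, which is the practical form of "verify the sender" in the quote above.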
This latest breach of personally identifiable information (PII) hit home recently when Dr. Kurt Steinhaus, Superintendent of Los Alamos Public Schools, was revealed to have been targeted in a phishing scam, likely made possible by the larger breach.
Dr. Steinhaus’s compromised social media account is just one example showing that no one is totally invulnerable. Medical records and protected health information (PHI) are exceptionally high-value targets.
Aligned Risk Management suggests an immediate change of your Facebook password, as well as enabling two-factor authentication on Facebook and any other social media platforms where 2FA is available.
Additionally, check out this neat tool to find out if accounts associated with any given email were compromised in any other major breaches in recent memory: Have I Been Pwned.