SingCERT urges vigilance in wake of Facebook security breach

Facebook announced that hackers had stolen the digital login codes for at least 50 million of its accounts on Sept 29, 2018.

SINGAPORE - The Singapore Computer Emergency Response Team (SingCERT) issued an advisory on Saturday (Sept 29) in response to the recent Facebook security breach.

On Friday, Facebook announced that hackers had stolen the digital login codes for at least 50 million of its accounts.

Described as "a really serious security issue" by Facebook's chief executive officer Mark Zuckerberg, the breach was the worst ever in the history of Facebook.

SingCERT's advisory explained that the hackers had exploited a previously unknown vulnerability found on Facebook's "View As" feature to gain unauthorised access to user accounts.

The vulnerability allowed attackers to steal the user's access tokens, which they could then use to gain access to the Facebook account and other third-party websites that the user had logged into using their Facebook credentials.

The social media giant has over 2.2 billion monthly users, many of whom link their Facebook accounts with other services including mobile applications, other social media accounts, and music streaming platforms.

Aside from informing the public about the breach, the advisory explained its potential impact.

One possible issue is that hackers could leverage the vulnerability in Facebook's "View As" feature to access the personal information stored in users' Facebook accounts.

Such information could then be used to aid scammers in making scam and phishing attempts appear more credible.

Facebook said that it has fixed the vulnerability and taken immediate steps to rectify the issue, such as temporarily disabling the "View As" feature and conducting a thorough security review.

However, SingCERT said that there are several things it recommends users do in the wake of the incident.

First, users should be vigilant against phishing attempts, such as unsolicited or suspicious calls and e-mails.

Next, users should also monitor for signs of misuse of their Facebook accounts.

SingCERT also encouraged users to enable two-factor authentication for better account security.

Although there is no evidence that users need to change their passwords, SingCERT said it is a good cyber hygiene practice to do so.

Finally, it is recommended that those who wish to find out more about good cyber hygiene practices visit https://www.csa.gov.sg/gosafeonline/go-safe-for-me/homeinternetusers/cyb...