Connect with us

General

The Facebook hack affecting 50 million people also let the attackers access users’ Tinder, Spotify, and Instagram accounts (FB)

Published

on

Loading...


  • Facebook got hacked, it revealed on Friday — and 50 million users’ accounts were compromised.
  • What’s more, if the victims logged into other services — like Tinder, Instagram, or Spotify — with their Facebook accounts, those might be affected to.
  • It’s not clear whether the attackers did this, but the possibility may force companies that rely on Facebook’s login system to launch their own investigations.
  • Facebook CEO Mark Zuckerberg was among the 50 million affected users.

Life just got worse for the 50 million people caught up in what may be the biggest hack of Facebook ever.

On Friday, the Silicon Valley tech firm revealed that it had detected a security breach in which an as-yet unknown attacker, or attackers, managed to gain access to tens of millions of users’ accounts by exploiting vulnerabilities in its software.

But it wasn’t until a second, follow-up conference call with reporters on Friday that Facebook acknowledged one of the most alarming parts of the incident: Not only did the hackers obtain the ability to access the Facebook accounts of the affected users, they also had access to any other service in which a person used their Facebook account to register — including apps like Tinder, Spotify, and Airbnb.

Instagram, which is owned by Facebook, may also have been affected.

The revelation drastically widens the potential impact of the hack, putting people’s private data elsewhere across the web at risk. It may force the numerous major companies and startups reliant on Facebook’s login service to audit their own systems for evidence of malicious activity as a result.

Tinder, Airbnb, and Spotify — perhaps three of the highest-profile tech companies to use Facebook’s login service — did not immediately respond to Business Insider’s request for comment.

So what happened? In short, the attackers found a way to trick Facebook into issuing them “access tokens” — basically, digital keys — that let them access other users’ accounts as if they were that user. After spotting some unusual activity earlier this month, Facebook realized what was going on on Tuesday evening and subsequently revoked these access tokens before disclosing the hack publicly on Friday — though not before 50 million people were affected.

These access keys also let the attackers theoretically access any other services that someone used Facebook’s login service to log in to, whether that’s dating app Tinder, or a niche smartphone game, and gain access to highly personal information.

It’s not clear whether this has actually occurred — when asked, a Facebook exec said only that the company was early in its investigation — but the possibility may force the other companies to undertake their own investigations into the issue.

Loading...

It’s also not yet clear who is behind the attack on Facebook, or whether the attacks were targeted, and the reason behind it. Facebook has now patched the vulnerabilities and revoked the compromised access tokens, forcing affected users to log back in (though their passwords haven’t been compromised, the company says) and notifying them about the issue.

But there are at least two high-profile victims of the hack that we know about: Facebook CEO Mark Zuckerberg, and COO Sheryl Sandberg. A spokesperson confirmed that the company’s two top execs were both among the tens of millions of users affected.

Do you work at Facebook? Got a tip? Contact this reporter via Signal or WhatsApp at +1 (650) 636-6268 using a non-work phone, email at [email protected], WeChat at robaeprice, or Twitter DM at @robaeprice. (PR pitches by email only, please.) You can also contact Business Insider securely via SecureDrop.

Now read:



Loading...
Continue Reading

General

PwC lauds ease of Customs tax

Published

on

Loading...

PwC has commended the Kenya Revenue Authority (KRA) for lifting restrictions on warehousing of goods in Customs bonded warehouses, noting that the action will enhance the competitiveness of Kenya as a global and regional logistics hub.
PWC said the policy will also boost to businesses that utilise Customs bonded warehouses to store goods, defer payment of duties and are involved in regional trade. It however called for consistency in tax law.
“We expect that with Customs having lifted restrictions on warehousing of goods will help contribute to the State’s agenda of reviving the economy in light of the ravages of Covid-19, improve cash flow and stock management for businesses,” said Indirect Taxes Associate Director at PwC Kenya Maurice Mwaniki.
“We expect this will once again enhance the competitiveness of Kenya as a global and regional logistics hub and assist attract inward investment into Kenya.”

Loading...

PWC

Kenya Revenue Authority

Loading...
Continue Reading

General

Kenya: Court Cancels Former Rugby Player Alex Olaba’s Sh300,000 Bail

Published

on

Loading...

Nairobi — A Nairobi Chief Magistrate’s Court has cancelled the Sh300,000 cash bail issued on former rugby player Alex Olaba, after the prosecution said he had committed an offense of conspiracy to murder while he was still face a change of gang rape.

Trial Magistrate Zainab Abdul said the accused committed the offense while he was out on bond and proceeded to threaten the complainant in the case.

Olaba will remain in custody until the two cases are heard and determined. He wull be back in court on June 3 for purposes of taking a hearing date.

Loading...

The former Kenya Sevens and Kenya Harlequins player was arrested last month by detectives for allegedly trying to hatch a plot to kill witnesses in the case.

At the same time, the Court has also barred the media from publishing images of the complainant and directed that the matter will be heard in camera.

Olaba was previously charged with Frank wanyama with an offense of gang rape in 2019. They had been found gulty and sentenced to 15 years in jail. They however appealed against the sentence and the same was quashed by the High Court on a technicality.

The duo was later arrested in 2020 and charged afresh

When the matter came up for mention in April 22nd the suspect mulamba did not appear virtually instead he told the court that he was away in Bungoma, but according to the investigating officer he lied to the court he was in Nairobi.

Loading...
Continue Reading

General

Kapsabet Boys are kings in Rift Valley in 2020 KCSE exam

Published

on

Loading...

Kapsabet Boys had two candidates ranked among the top 15 students nationally in the 2020 KCSE exam. 

Top girl

KCSE giants

Female candidates

Loading...
Continue Reading
Advertisement
Loading...
Advertisement
Loading...

Trending