Facebook users must log out, re-login into gadgets, at all times: Experts

Since India is the biggest market for Facebook with over 270 million users, a major number of accounts from here are likely to have been compromised

Samreen Ahmad Bengaluru
Last Updated : Oct 01 2018 | 2:59 PM IST
As the newly-appointed Facebook India MD takes charge next year, he will have his plate full of responsibilities. Apart from working on Facebook’s India strategy and driving the social network giant’s investments in the country, he will have to clear the air on the Facebook data breach, which has impacted over 50 million users around the globe.

Since India is the biggest market for the Mark Zuckerberg-founded company with over 270 million users, a major number of accounts from here are likely to have been compromised.

The breach exposed users’ access tokens, and the whole Facebook app runs on access tokens. Tokens were leaked for about 50 million users, which meant the attacker could impersonate a user completely without knowing his/her ID or password.

“If you’ve ever wondered what keeps you logged into your account even after you restart your laptop/browser - those are access tokens (cookies). In this case, hackers were able to steal these tokens. It means the hacker could fool Facebook servers to believe they are the authorised users of the target’s account that would give the attacker complete access to the target’s account,” explained Saket Modi, CEO & Co-Founder, Lucideus.

Facebook had said it had invalidated access tokens for the accounts, causing those users to be logged out.

"These people will now have to log back in to access their accounts again and we will also notify these people in a message on top of their News Feed about what happened when they log back in," the Facebook CEO Zuckerberg had said.

Anand Prakash, founder of cyber security company AppSecure, said that although the social networking website has reset all the impacted access tokens, that doesn’t solve the problem, because most websites offer a login-with-Facebook option, including Instagram, Tinder, MakeMyTrip, Snapchat and Zomato.

“So if an attacker had used my access token to log into another account, say MakeMyTrip, my session is still valid and it can be accessed by the hacker, and Facebook does not have any control on that,” said Prakash, whose own account was also compromised in August.

As a precaution, Modi said, “I recommend all Facebook users to log out and re-login into all the gadgets that you have your Facebook session active like your cell phone (app or browser), laptop, desktop.”
