Facebook data breach
3/3/2023

The vast majority of API attacks are actually undetected and therefore not visible to most organizations. But when a poorly secured API leads to a damaging data breach, the consequences of ignoring this attack vector become immediately apparent.

On Friday, we saw the most recent example of this. Facebook announced that a massive data breach had been detected, affecting over 50 million accounts. They admitted that they didn't know what kind of information was stolen, nor how many other user accounts had been compromised as a result of the breach. What we do know is that the credential theft was the result of a vulnerability introduced into the code back in July of 2017 and only recently discovered on September 25, 2018. Mark Zuckerberg said that the attackers used Facebook developer APIs to obtain profile information such as name, gender and hometowns, but the investigation may end up revealing that much more was stolen over the course of the year the vulnerability was out in the open.

According to Guy Rosen, VP Product Management at Facebook, attackers exploited a vulnerability in Facebook’s code that impacted “View As,” a feature that lets people see what their own profile looks like to another Facebook user. Unfortunately, the vulnerability resulted in the generation of an access token that had the permissions of the Facebook mobile app, not for the viewer, but for the other Facebook user. This allowed the attacker to steal the other user’s Facebook access token, which could then be used to take over other accounts.

But this is not the first time Facebook is in the news due to the misuse of its APIs. Cambridge Analytica used a “loophole” in Facebook’s APIs to collect data from over 80 million users between 20. We have recently seen a spike in breaches that resulted from vulnerabilities in API infrastructures including at T-Mobile, Verizon, Snapchat, oBike, Panera, PF Chang’s, LocationSmart and more. Attackers took over accounts, stole private information and photos and sometimes extracted credit card numbers.

UpGuard said it alerted Cultura Colectiva and Amazon about the breaches from Cultura Colectiva in January, but no action was taken until Wednesday morning. After Bloomberg reached out to Facebook for a comment about that breach, an Amazon "storage bucket" with the data from Cultura Colectiva was secured.

Stronger protection for API infrastructures
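A minimal model of the "View As" token mix-up described above, added here as an illustration and not Facebook's code. The `Request` fields, function names, scope string and user names are assumptions; the page does not describe Facebook's actual implementation or fix.

```python
import secrets
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Request:
    session_user: str            # the user who actually authenticated
    view_as_user: Optional[str]  # set only while previewing as another user


@dataclass(frozen=True)
class AccessToken:
    subject: str  # account the token grants access to
    scope: str
    value: str


def effective_user(req: Request) -> str:
    """Perspective the page is rendered from (hypothetical helper)."""
    return req.view_as_user or req.session_user


def issue_token_flawed(req: Request, scope: str) -> AccessToken:
    # Flaw as described in the text: the token is minted for the rendering
    # perspective, so a preview hands the viewer the other user's token.
    return AccessToken(effective_user(req), scope, secrets.token_urlsafe(32))


def issue_token_hardened(req: Request, scope: str) -> AccessToken:
    # Preview mode is read-only: no component may mint credentials in it.
    if req.view_as_user is not None:
        raise PermissionError("token issuance is disabled in preview mode")
    # Outside preview, the subject is always the authenticated session user.
    return AccessToken(req.session_user, scope, secrets.token_urlsafe(32))


def token_matches_session(req: Request, token: AccessToken) -> bool:
    """Egress check: a response may only carry a token for the session user."""
    return token.subject == req.session_user


if __name__ == "__main__":
    preview = Request(session_user="alice", view_as_user="bob")  # constructed
    leaked = issue_token_flawed(preview, "mobile_app")
    print("flawed subject:", leaked.subject)
    print("passes egress check:", token_matches_session(preview, leaked))
```

The egress check is a second layer: even if some code path still mints a token during a preview, a response carrying a token whose subject differs from the session user can be blocked and logged.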