Facebook hack gets worse as company admits Instagram and other apps were exposed too

Authored by independent.co.uk and submitted by NerdillionTwoMillion

The Facebook hack is even worse than was at first clear, the company has admitted.

The site had already admitted that a hole in its code would allow people to gain access to any account, in a problem that affected some 50 million users.

But it later said that the problem would also affect its "Facebook Login" service, which allows other apps to use people's Facebook account to login.

Shape Created with Sketch. How to stop Facebook from revealing everything about you Show all 9 left Created with Sketch. right Created with Sketch. Shape Created with Sketch. How to stop Facebook from revealing everything about you 1/9 Lock your profile down If you haven’t done this already, do it now. In Settings, hit the Privacy tab. From here, you can control who gets to see your future posts and friends list. Choose from Public, Friends, Only Me and Custom in the dropdown menu. 2/9 Limit old posts Annoyingly, changing this has no effect on who’s able to see your past Facebook posts. Instead, on the Privacy page, you have to click on Limit Past Posts, then select Limit Old Posts and finally hit Confirm on the pop-up. 3/9 Make yourself harder to find You can stop completely random people from adding you by selecting Friends of Friends from the dropdown menu in the Who can send you friend requests? section of the Privacy page. It’s also worth limiting who can find your Facebook profile with your number and email address. At the bottom of the page is the option to prevent search engines outside of Facebook from linking to your profile. 4/9 Control access to your Timeline You can limit who gets to post things on your Timeline and who gets to see posts on your Timeline too. In Settings, go to Timeline and Tagging and edit the sections you want to lock down. 5/9 Block people When you block someone, they won’t be able to see things you post on your Timeline, tag you, invite you to events or groups, start conversations with you or add you as a friend. To do it, go to Settings and Blocking. Annoyingly, you have to block people on Messenger separately. You can also add friends to your Restricted list here, which means they’ll still be friends with you but will only be able to see your public posts and things you share on a mutual friend's Timeline. 6/9 Review tags One of Facebook’s handiest privacy features is the ability to review posts you’re tagged in before they appear on your Timeline. They’ll still be visible on the News Feed while they’re fresh, but won’t be tied to your profile forever. In Timeline and Tagging, enable Timeline review controls. 7/9 Clean up your apps You can view a list of all of the apps you’ve connected to your Facebook account by going to Settings and Apps. The list might be longer than you expected it to be. It’s worth tidying this up to ensure things you no longer use lose access to your personal information. If you don’t want to log into websites and apps with your facebook account, scroll down and turn Platform off. 8/9 Change your ad preferences You can view a list of everything Facebook thinks you’re into and tinker with your ad preferences by going to Settings and Adverts. A lot more information is displayed on the desktop site than the app, so we’d recommend doing this on a computer. 9/9 Download your data Facebook lets you download all of the data it has on you, including the posts you’ve shared, your messages and photos, ads you’ve clicked on and even the IP addresses that are logged when you log in or out of the site. It’s a hell of a lot of information, which you should download to ensure you never over-share on the social network again. 1/9 Lock your profile down If you haven’t done this already, do it now. In Settings, hit the Privacy tab. From here, you can control who gets to see your future posts and friends list. Choose from Public, Friends, Only Me and Custom in the dropdown menu. 2/9 Limit old posts Annoyingly, changing this has no effect on who’s able to see your past Facebook posts. Instead, on the Privacy page, you have to click on Limit Past Posts, then select Limit Old Posts and finally hit Confirm on the pop-up. 3/9 Make yourself harder to find You can stop completely random people from adding you by selecting Friends of Friends from the dropdown menu in the Who can send you friend requests? section of the Privacy page. It’s also worth limiting who can find your Facebook profile with your number and email address. At the bottom of the page is the option to prevent search engines outside of Facebook from linking to your profile. 4/9 Control access to your Timeline You can limit who gets to post things on your Timeline and who gets to see posts on your Timeline too. In Settings, go to Timeline and Tagging and edit the sections you want to lock down. 5/9 Block people When you block someone, they won’t be able to see things you post on your Timeline, tag you, invite you to events or groups, start conversations with you or add you as a friend. To do it, go to Settings and Blocking. Annoyingly, you have to block people on Messenger separately. You can also add friends to your Restricted list here, which means they’ll still be friends with you but will only be able to see your public posts and things you share on a mutual friend's Timeline. 6/9 Review tags One of Facebook’s handiest privacy features is the ability to review posts you’re tagged in before they appear on your Timeline. They’ll still be visible on the News Feed while they’re fresh, but won’t be tied to your profile forever. In Timeline and Tagging, enable Timeline review controls. 7/9 Clean up your apps You can view a list of all of the apps you’ve connected to your Facebook account by going to Settings and Apps. The list might be longer than you expected it to be. It’s worth tidying this up to ensure things you no longer use lose access to your personal information. If you don’t want to log into websites and apps with your facebook account, scroll down and turn Platform off. 8/9 Change your ad preferences You can view a list of everything Facebook thinks you’re into and tinker with your ad preferences by going to Settings and Adverts. A lot more information is displayed on the desktop site than the app, so we’d recommend doing this on a computer. 9/9 Download your data Facebook lets you download all of the data it has on you, including the posts you’ve shared, your messages and photos, ads you’ve clicked on and even the IP addresses that are logged when you log in or out of the site. It’s a hell of a lot of information, which you should download to ensure you never over-share on the social network again.

That means that once a hacker had access to a person's Facebook account, they could make their way through the rest of their digital life. That might include other Facebook apps like Instagram but also third-party ones that use the login service, such as Tinder.

"The vulnerability was on Facebook, but these access tokens enabled someone to use the account as if they were the account-holder themselves," said Guy Rosen, Facebook's vice president of product management, who disclosed the vulnerability in a blog post on Friday.

The latest hack involved bugs in Facebook's "View As" feature, which lets people see how their profiles appear to others. The attackers used that vulnerability to steal the digital keys, known as "access tokens," from the accounts of people whose profiles were searched for using the "View As" feature. The attack then moved along from one user's Facebook friend to another. Possession of those tokens would allow attackers to control those accounts.

One of the bugs was more than a year old and affected how the "View As" feature interacted with Facebook's video uploading feature for posting "happy birthday" messages, said Mr Rosen. But it wasn't until mid-September that Facebook noticed an uptick in unusual activity, and not until this week that it learned of the attack, he said

The nature of the hack means that there is little users can do to protect themselves. Facebook says it has already fixed the flaw by logging everyone out of their accounts and suspending the "view as" feature.

“There is no evidence that people have to take action such as changing their passwords or deleting their profiles," said a spokesperson for the National Cyber Security Centre.

“However, users should be particularly vigilant to possible phishing attacks, as if data has been accessed it could be used to make scam messages more credible.”

rossi6464 on October 1st, 2018 at 11:57 UTC »

My Instagram, along with many, many others, was hacked about a month ago and the customer service is completely nonexistent. 3 weeks of filling out forms and spamming them with emails got me nothing, so i just had to give up and make a new account

Dayuz on October 1st, 2018 at 11:24 UTC »

The issue here is that the hackers didn't pay for the user information?

AstBernard on October 1st, 2018 at 10:54 UTC »

What exactly was exposed, like passwords or?