SingCERT issues advisory over Facebook breach that affected nearly 50 million

SINGAPORE: The Singapore Computer Emergency Response Team (SingCERT) issued an advisory for Facebook users on Saturday (Sep 29), following a breach that affected almost 50 million users. 

The breach, which was announced by the social media giant on Friday, had existed since July 2017, but was only identified on Tuesday, said Facebook. 

In its advisory, SingCERT urged users to be vigilant against phishing attempts, such as unsolicited or suspicious calls and emails. It also recommended that users monitor their Facebook accounts for "signs of misuse".

While there is no evidence that users need to change their passwords, SingCERT said it is a "general good cyber hygiene practice" to do so. 

Users are also encouraged to enable two-factor authentication for better account security, it added. 

The breach involved a previously unknown vulnerability in Facebook's "view as" feature, which allows users to see what their Facebook profiles look like to others, that attackers could exploit to gain unauthorised access to user accounts.

The vulnerability allowed attackers to steal the user's access tokens, which they could then use to gain access to the Facebook account and other third-party websites that the user had logged into using his or her Facebook credentials. 

Attackers could leverage the vulnerability to access the personal information stored in users' Facebook accounts, and scams and phishing attempts that use such information could look more credible, said SingCERT.

Facebook said on Friday that it has fixed the issue, which its chief executive Mark Zuckerberg described as "really serious". It has not yet determined whether the attacker misused any accounts or stole private information.

It has also not identified the attacker's location or whether specific victims were targeted. Its initial review suggested that the attack was broad in nature. 

Source: CNA/ng