Facebook breach invites further phishing and ransom attacks  

Facebook breach invites further phishing and ransom attacks  

After 50 million Facebook accounts were breached, security experts at NordVPN are warning users to take extra precautions when transferring funds or clicking on any emailed links.

Last week, at least 50 million Facebook accounts were affected by a security breach. Hackers took advantage of an insecure code in Facebook’s ‘View As’ feature.

Access tokens, received through the insecure code, allowed the attackers to enter into personal accounts as if they were rightful users. The access tokens are digital keys that keep users logged into their accounts without re-entering the password.

“We can only speculate about the consequences of this massive attack, but it seems fair to expect increased phishing attacks and theft of personal information for any number of criminal purposes,” said Ruby Gonzalez, communications director at NordVPN.

“As we saw with recent sextortion attacks, criminals used a piece of private information – stolen passwords – to tell users that they supposedly knew about their adult content watching activities, and have them recorded from their own webcams. While this claim was false, the fact that the attackers knew personal passwords led many people to believe their threats were real.” 

“Since cybercriminals may have now gathered personal information of 50 million people on Facebook, we can expect ransom and phishing attacks that will be more personalised and sophisticated. The breach can also lead to identity theft.”

NordVPN urges internet users to be very careful when receiving seemingly legitimate, personalised messages from banks or any other familiar organisations – especially if the recipients are being asked for more personal details, for fund transfers or if they have to click on any link.

Facebook users should also reset their passwords and disconnect third-party apps from having access to their Facebook accounts. 

Other security measures for safe internet experience require using a password manager and a VPN, which encrypts online communications into a secure tunnel.