50m Facebook accounts attacked/breached

50 million people who don't use 2fa on their accounts... They're asking to be hacked/breached.

Not sure that actually makes a difference or not for this, as the breach was from the "View As" so they was getting access to login tokens and getting through that way.
 
Meh. My account is barely used, has no personal data, and isn't linked to anything.

It's like the worst reward a hacker could ever get for his time and effort.
 
cached facebook web tokens has been a problem for a while.........dum de dummmm

you could quite easily log in as someone else using a certain string..........of course I would never do such a thing
 
cached facebook web tokens has been a problem for a while.........dum de dummmm

you could quite easily log in as someone else using a certain string..........of course I would never do such a thing
Yeah I once hacked the Pentagon, the Kremlin, MI5 and Mossad all at the same time, by entering a certain string into Facebook. I can't tell you anymore about it tho because I still need to sell all these Illuminati-backed plans to Wikileaks for massive profit.
 
Yeah I once hacked the Pentagon, the Kremlin, MI5 and Mossad all at the same time, by entering a certain string into Facebook. I can't tell you anymore about it tho because I still need to sell all these Illuminati-backed plans to Wikileaks for massive profit.

You didn't happen to keep any photos of UFOs did you?

Honestly, someone logs into facebook on your PC. They logout, you use a certain string in the address bar and you log straight in as them without knowing their password. Of course if you clear the browsers cache you are stuffed.

Not much of a stretch is it, considering the 'view as' feature exposed the login token within the source.

They need to fix both issues quickly.
 
Last edited:
I contacted them 4 weeks ago telling them I suspected a breach. I'd seen a massive surge in spam email to my linked email account and number of attempted logins.
I then had a message from Facebook telling me it changed my profile picture. Interesting since I've literally not logged in in 10 years.

Their response was that I must have given someone my details...
 
Their response was that I must have given someone my details...

What a ridiculous thing to say.....not that I am surprised. Do they honestly think you'd go to the trouble of reporting a hacking attempt when you have given out your password. Although, in this paticular hack I don't think you'd get any warnings. Still, very bad of facebook.
 
50 million people who don't use 2fa on their accounts... They're asking to be hacked/breached.

I hear that facebook have recently decided to use mobile numbers assigned for 2FA, to target ads. Expect some annoying SMS soon.
Think whatsapp will be going that way too....didn't the old owners have a big argument with zuckerberg and regret selling out to him.

The man is ad crazy!
 
Until someone uses your FB credentials to cross authenticate against something you do care about. Hooray for using FB as a trusted authentication provider!
You have to log into both to link them together, tho?

Like to link Steam with FB you have to first log in to Steam, then log into Facebook with a link from Steam. Or something like that.

Since my FB isn't linked to anything I don't see that they could compromise anything further by accessing FB?
 
Back
Top Bottom