In March 2019, cybersecurity expert Brian Krebs learned that Facebook was storing upwards of 600 million user passwords in plain text files that were available to more than 2,000 Facebook employees. The employees had been logging and storing these passwords through internally-built applications. The investigation revealed passwords in plain text dating back to 2012.
Those hoping that 2021 would be smooth sailing were disappointed by a huge Facebook hack over the weekend of April 3. This Facebook lapse exposed the personal information of approximately half a billion users, including their names, birthdays, locations, and phone numbers.
Facebook acknowledged the leak but said it stemmed from a security problem in 2019 that their team has since fixed. But many Facebook users found that statement to be of little comfort. The information is out there, and the damage could be ongoing. In the US alone, 30 million accounts were affected. Facebook has not made it easy to find out if your account was one of them. According to experts, you have around a 20% chance of being hacked if hackers stole your account information. Check haveibeenpwned.com to see if you are affected.
Password security is still one of the best ways to keep your personal information and account access safe. Security breaches are so damaging because hackers take your stolen password, perhaps from Facebook, and then input it into all of your other accounts, hoping that you reuse passwords.
Safely managing your work passwords can seem overwhelming, even to the most meticulous company. Fortunately, creating and storing unique passwords is simple with TeamPassword. We provide the latest password safety features, including a free password generator that creates impossible-to-guess passwords that meet the highest security standards.
You can use TeamPassword to make sure that your accounts are safe even when social media giants and others leak your passwords. We offer password services that allow you to add, share and manage your internal and client passwords, including those for websites, social media, blogs, and more. You and your employees will not have to remember dozens of secure passwords - we make that part of the process simple while protecting you from security breaches.
Author's note 5/25/2021: A number of comments have come in indicating that their accounts were compromised even though they did not attempt to log in. I've researched this issue quite a bit and, despite nearly two years having passed since I first wrote this story, I still haven't seen any credible evidence that malware or other hacks are being exploited to steal user credentials through this scam. Everything I've read from security research sources indicates that this is a pure phishing scam. And given how much press this has received, I'm sure it is also something that Facebook has researched and would have patched if it were a security hole on their end.
2) Your account was already compromised, either through a previous phishing attempt or because you have weak password security that allowed an attacker to access your account through a data breach from another source.
I logged in using my password. I know (face-palm). But I also changed my password within 30 mins. Nothing has happened since. It came from Pakistan so I doubt their technical sophistication. My friend then followed up by asking me to click another link.
That is my worry, I did not input any information either and just backed out after clicking. But based on what you say it seems the video link will still be sent out even if you did not input any information. Just to be on the safe side, I have changed my password immediately although I am not sure if the video link will still be sent out. Just hope it does not send out.
I got a video from two friends, I tried to open the video, asked for phone and password, I put the information in, lost my Facebook account, can't get my Facebook account back, what can I do, I tried everything.
If your account has been taken over by hackers, follow the link at the end of our article above for steps you need to take to recover your account. Depending on how crafty the hackers are, they can make it pretty difficult for you.
When the social media giant first reported the breach two weeks ago, it said that up to 50 million accounts could have been impacted. On Friday it downgraded that figure to 30 million, but the scale of the information the hackers accessed was much worse than initially reported.
Along with basic details like email address and phone number, the hackers gained access to personal data like who or what users were searching for on the platform. And for a subset of 14 million Facebook accounts, the outlook gets very grim: Hackers accessed deeply personal information, including relationship status, religion, hometown, self-reported current city, birthdate, and the device types used to access Facebook.
Facebook has already forced affected users to reset their logins in order to void the access tokens the hackers stole, but the breach could have long-lasting privacy consequences for the 14 million users most affected.
The company revealed that the hack was the result of keylogging software maliciously installed on an unknown number of personal computers, in the thousands, around the globe. The installed malware took screenshots and recorded every keystroke of log-in credentials while users logged into websites like Facebook, Gmail, Twitter and many other key sites over the past month.
Meanwhile, Trustwave is not sure how the virus was installed on so many computers around the world. It is also not sure if the virus is still active and compromising user credentials. However, it will be impossible to track the hackers, as they were routing information through a proxy server.
A lot of questions remain. We don't know for sure whether the impacted accounts were misused. It's also unclear exactly what information hackers may have accessed, though Facebook said passwords and payment information were not compromised.
The attackers were able to use accounts as if they were their own by stealing "access tokens." Tokens keep users logged into their Facebook accounts over long periods of time without having to re-enter a password.
Users that were logged out of their accounts can log back in using their usual passwords. They will then see a banner on top of their news feed that reads: "An important security update." It offers a link that gives you some details about the breach.
After I reset my password, Facebook prompted me to review which devices had access to my account. I hit "Log out of other devices," which included my current iPhone and another device I haven't owned since 2014.
Facebook's vice president of product management, Guy Rosen, told reporters Friday that it wasn't clear if hackers were able to gain access to third-party apps that use Facebook login, but couldn't rule it out.
Kevin Mitnick, a former hacker who founded cybersecurity consulting firm Mitnick Security, said he recommends using long, complex passwords and storing them with a password manager such as 1Password or KeePass. He says your primary password should be long. "Over 25 characters," he said.
Two-factor authentication is another level of security for your account that goes a step beyond your username and password combination, and it takes a minute to set up. If you want to access pCloud only on devices you trust, then this feature is a must.
You could be looking at the results of a phishing scam in which your username and password landed in the hands of scammers. It happens. Maybe you clicked on a link and entered your credentials on a convincing fake Facebook or Instagram login screen. For example, just recently, our experts uncovered a phishing campaign that lured victims to fake login pages by threatening to block their Facebook account for copyright infringement.
Perhaps someone stole your access token. To avoid having to enter your password every time you sign in to Facebook or Instagram, the app saves a small piece of login information on your computer, known as an access token, or token for short. If a cybercriminal steals a valid token, they can access the account without a username and password.