Media and Entertainment

Hackers Stole Access Tokens for 50 Million Facebook Accounts

25 September - 2 October 2018

ABS-CBN, one of the largest media and entertainment groups in the Philippines, took down two of its online shopping sites last week after they were found to be infected with the MageCart skimmer.

In the worst breach in Facebook’s history, hackers stole access tokens for 50 million accounts by exploiting a previously unknown vulnerability in Facebook’s ‘View As’ feature. The vulnerability allowed hackers to steal login tokens, which they could use to access the accounts as well as third-party websites that a user had logged into using their Facebook credentials. The hackers could then siphon user information to carry out scams and phishing attacks. Facebook said it has fixed the vulnerability, temporarily disabled the ‘View As’ feature, and conducted a comprehensive security review.

