They wanted some info ASAP as to news of the latest Facebook breach breaking that day, offering to meet me wherever I was. That happened to be a fundraiser for Big Brothers Big Sisters at the local bowling alley.
Hold my beer: Team Lucky Strikes (our company bowling team) is making the evening news.
The segment by Katie and her WCTV crew was great; the most intriguing part of this story will most likely break down the road.
More on that in a bit.
Last Tuesday, Facebook discovered a vulnerability, where unknown cyber-assailants gained access to 50 million FB accounts.
The following day, the company reported it to law enforcement; by Thursday, Facebook said the vulnerability was no longer an issue.
This specific exposure had to do with bugs in the “view as” feature which allows users to see their profile as someone else might.
Bug No. 1 had a video upload feature in the “view as” section. Bug No. 2 was involved with the auto log-in function and access tokens that allow you not to have to log in every time you visit the site.
So, what’s going on? What was taken? Who did it? All that is not yet known, which is why (as I said earlier) it will be a while before the cyber-dust settles on this one.
With Cambridge Analytica, Facebook (and a third party), it took a while before the whole story came out. If this was the work of an amateur hacker (or digital prankster) maybe nothing will come up down the road.
However, if this was the work of a nation state who knows what went down? We may not find out until November. Are they looking to mess (or mettle) with the elections?
Or will there be something else more devious next year?
We have seen so much negative press on Facebook, perhaps we are becoming immune to the severity of breaches — there have been so many. To counter people not taking breaches seriously, I offer a conversation from my day yesterday.
A staffer at a statewide Florida association told me about an email she got that said they know her password and that if she does not give them a set amount in bitcoin they will post her browsing history online and expose the adult sites that she visits.
If you have ever received an email like this, it is bogus, with the exception of the criminal who wrote the email actually having an old password in the email.
The bottom line: Don’t use the same password for different sites, social media, financial etc. Use complex passwords; change them every 30 days. This goes for Facebook as well.
This story is most likely just the beginning, so stay tuned for more in 2019.
Have a great day.
Blake Dowling is CEO of Aegis Business Technologies. He can be reached at email@example.com.