Blake Dowling: Another day, another Facebook breach


Friday evening, I met with a crew from WCTV/CBS in Tallahassee; we talked Facebook.

They wanted some info ASAP on the news of the latest Facebook breach, which broke that day, and offered to meet me wherever I was. That happened to be a fundraiser for Big Brothers Big Sisters at the local bowling alley.

Hold my beer: Team Lucky Strikes (our company bowling team) is making the evening news.

The segment by Katie and her WCTV crew was great; the most intriguing part of this story will most likely break down the road.

More on that in a bit.

First off … what happened?

Last Tuesday, Facebook discovered a vulnerability through which unknown cyber-assailants gained access to 50 million FB accounts.

The following day, the company reported it to law enforcement; by Thursday, Facebook said the vulnerability was no longer an issue.

This specific exposure had to do with bugs in the “view as” feature, which allows users to see their profile as someone else might.

Bug No. 1 involved a video upload feature in the “view as” section. Bug No. 2 involved the auto log-in function and the access tokens that let you avoid logging in every time you visit the site.

So, what’s going on? What was taken? Who did it? All that is not yet known, which is why (as I said earlier) it will be a while before the cyber-dust settles on this one.

Note the bowling alley carpet; very awesome and perfect for any room.

With Cambridge Analytica, Facebook (and a third party), it took a while before the whole story came out. If this was the work of an amateur hacker (or digital prankster) maybe nothing will come up down the road.

However, if this was the work of a nation-state, who knows what went down? We may not find out until November. Are they looking to mess (or meddle) with the elections?

Or will there be something else more devious next year?

We have seen so much negative press on Facebook, perhaps we are becoming immune to the severity of breaches — there have been so many. To counter people not taking breaches seriously, I offer a conversation from my day yesterday.

A staffer at a statewide Florida association told me about an email she got that said they know her password and that if she does not give them a set amount in bitcoin they will post her browsing history online and expose the adult sites that she visits.

If you have ever received an email like this, it is bogus, with one exception: the criminal who wrote it actually does have an old password of yours, which appears in the email.

Where did they get that password? A LinkedIn breach? Equifax? Who knows, but eventually info from all these breaches makes it to the dark web — and hackers.

The bottom line: Don’t use the same password for different sites (social media, financial, etc.). Use complex passwords; change them every 30 days. This goes for Facebook as well.

This story is most likely just the beginning, so stay tuned for more in 2019.

Now you may return to all things college football, Brett Kavanaugh, and Andrew Gillum versus Ron DeSantis.

Have a great day.

___

Blake Dowling is CEO of Aegis Business Technologies. He can be reached at [email protected].

Aegis bowling team, the Lucky Strikes.
Big Brothers Big Sisters board of directors and friends.


Florida Politics is a statewide, new media platform covering campaigns, elections, government, policy, and lobbying in Florida. This platform and all of its content are owned by Extensive Enterprises Media.
