
oh what a tangled 'web' we weave
Facebook. that's all I need to say.
Facebook confessed today that buggy code potentially exposed all of its users' accounts to hackers over the past 14 months. It reckons miscreants snooped on at least 50 million people's private profiles, and perhaps as much as 90 million. In a security note posted Friday morning, the social media giant's VP of product management …
That quote about the 2FA Ads really irks me, because Facebook's chief security officer outright lied saying 'the ads were being sent out due to a bug' (Alex Stamos). And he was considered one of the good guys at Facebook before his departure... What does that say about the rest of the Alan B'stards who still work there? Not much then!
https://www.buzzfeednews.com/article/ryanmac/facebook-alex-stamos-memo-cambridge-analytica-pick-sides
You also know, they break the news it's 50m, and before you know it, it's 500m, but they know that because all the media have already run with the other story, very few will bother running with the update.
Several other companies have done this recently....
I've been Facebook free for 8 years now, and living life. I do know however, that despite me asking them to delete my data 8 years ago, they decided to hang onto it. How do I know this? Every once in a while, I set up a fake account with no personal details whatsoever, just logging in from my home internet, and immediately, it recommends people I know to connect with. They clearly haven't deleted my data, as they have retained IP/Friend data from over 8 years ago.
I would report them to the ICO, but they are just a big waste of space. Best just avoid the Facebook, the kings of data scumbaggery.
i'm on the other side of the coin. i got locked out of FB years ago because i couldn't remember what fake date of birth i used. I still get notifications on the hotmail email address i used so it's still active. I could do with logging in again to get some old chums' contact details (who were also fake so i can't look them up).
are there any lists of users vs dob's?
"why would hackers go to the trouble of cracking faecebook accounts when all they are likely to find is petabytes of puerile drivel from mouth-breathers."
they can send out very plausible messages along the lines of "hey I'm in foreign country, wallet's been stolen, could you wire me some cash"
And the next drip feed of bad news. If you used the obviously retarded Facebook login for lazy people on other sites, that's those sites compromised also...
Your whole digital life has been raped, it's not just Cambridge Analytica that knows everything about you, the Russians do too..
I have never used the ridiculous "Facebook login" feature, nor the other brand alternatives, on any site. Nor would I allow a site that I own, manage or have any meaningful influence over to offer this choice either. Entrust your site security to a huge, anonymous, organisation based in a regime that has zero effective data protection laws? How about hell no?
You admit to having a FB account.
I only got one because it was required to do work at FB.
I was a contractor and it wasn't my choice to go to FB.
I deleted it within minutes of leaving... but want to bet they still capture information about me?
Sorry, but when you're their customer and their product... never a good ending.
I got a message saying my FB had probably been targeted by government-sponsored hackers and was immediately logged out and made to change my password.
At the time I checked my login history and didn't see anything that I couldn't recognise as me, but it's possible that this was the way they got in.
There is absolutely such information. I don't know how much facebook divulged to these people, but they could easily have gotten post history, images uploaded, messages between people, etc. This includes data that was not public on that person's pages. It is possible that the people may have gotten more information. It is not safe to use facebook for many reasons, this being only the latest one.
All you need to do is hit 'download my data' into a quickly compiled zip file from their backend and you have absolutely everything, private and public, that the user has touched using their FB account.
Crivvens knows what a fully authorised session could gain access to...
"I'm pleased that I use a unique password for the site"
I hope you use fake person details, a fake name, and a unique to Facebook email address too.
Also a burner anonymous SIM if you've given them a phone number.
Also that you don't use a Facebook or related company App on your phone.
*It's best actually to not use Facebook at all.*
I wanted to view something (a particular photograph, I think - it was a while ago!) that was only available on FB and created an account with a completely false identity, together with a disposable e-mail address, set for around six messages to actually arrive, which I promptly "bounced" in Mailwasher, as they were all trite and banal. Eventually, FB cottoned on and suspended the account, their reason being that I was not using my "real" details. That's the only contact I have ever had with FB and good riddance, I say!
I did get a vague message that "Your security is our greatest concern </hypocrisy>" and got logged out, but nothing to state my account was compromised. I am not terribly worried. As with all online stuff: I avoid putting anything online (even if purportedly private) that I wouldn't want others to see, don't use Facebook (or Google) to log in to anything else, and keep separate passwords for different sites. I keep in touch with some friends and colleagues on FB, I post some hobby stuff, which may be of use to those selling cookery items, astronomy and photography gear, and camping equipment, but I get plenty of adverts for those kinds of things anyway (or I did till I installed adblocker).
"I'm pleased that I use a unique password for the site"
As I understood the information that has been made public*, the bug allowed users to generate security tokens as other users. I guess that since many people keep a FB page/tab open all the time and/or FB mobile app is 'always-on', these tokens don't expire (or at least not for a long time) and so hackers can reuse these tokens to act as the spoofed users.... BUT hackers did not actually get any passwords. That's why users were not asked to change passwords... a simple logoff/logon would invalidate the previous security token and create a new one.
*of course there could be other things NOT made public
Consider what this actually means.
'View As' exposes your account as whatever setting you want. So if you locked it down to Friends, generally speaking, you'll not be hiding very much. So ANYTHING you have on there was viewable by whoever used the correct token.
The amount of information people put on their supposed 'safe' FB account is staggering. Dates, addresses, full names, photos of all types... Not to mention the friends list, which will show other photos of potentially 'interesting' things... which would then be ripe for leeching info from.
This is EXACTLY the reason Facebook etc are just such a bad idea. Identity thieves will be having a field day from all this - far more valuable than just a simple debit card number...
And what will be the result? The repercussions? The world is watching because if FB is not taken to task for this, then what's the point of GDPR and whatever other rules should apply to this...
Given the primary business of Facebook is collect data and hand it out willy-nilly to anyone willing to pay for it, I think the phrase "Facebook security" is the ultimate oxymoron.
Is it really news that yet again Facebook has been compromised? They hand out any data they collect like free handjobs from a £10 dollar hooker on a street corner. They cause nothing but misery to those addicted to their moronic presence on the internet. They allow ne'er do wells to lurk in their site, uploading sh*t propaganda and images of abuse. They insert their vile hooks into websites that don't belong to them. Run by an upstart little turd who's basically won a lottery and who barely understands what working in the real world is, pretends to understand what people need and want.
They're too big, too powerful and they have no comprehension of responsibility they have and the quicker the site is shut down the better off humanity will be.
"the quicker the site is shut down the better off humanity will be"
While morally I agree with you, if Facebook and its ilk get shut down, that means certain people at work will need to start working. Those of us that do actual work tolerate these immovable obstacles staring at social media because then they leave us the hell alone...
There is a rumor that Google-issued Captchas (v3?) will demand that you have a Google Account and a reliable clickstream on file that can be distinguished from a bot. So most of the Internet will be inaccessible to reticent deplorables unwilling to share their data.
I have witnessed Google's Captchas software being used by miscreants to keep web scrapers from following the many redirects that lead to fake virus warnings, fake Windows and Apple support sites that trick users into installing malicious Android apps or adware/malware for Windows and Apple products.
I am wondering if there is analytics built into the Captcha API that phones home to Google that would have or should have alerted Google to these goings on.
https://malware.dontneedcoffee.com/hosted/anonymous/kotd.html
The Google Captchas ought to be illegal. Any company / person using them as a "gatekeeper" should be ashamed for coercing the public to help Google's "AI" parasitical crowdsourcing.
"Crowdsourced steering" doesn't sound quite as appealing as "self driving."
I think they did that already. I notice a lot more of the message "Sorry, your computer or network is sending automated requests [it is not] so we can't handle your request [so I just give up]" when the email address isn't a gmail one. I have considered just never using such a site anymore, but that cuts out a lot of smaller sites that use it for spam prevention.
You mean like you can't use facebook unless you have a phone they can contact you on during the signup... Have you tried creating anonymous Facebook accounts recently, if you manage it, they are deleted within days. Facebook NEEDS to know everything about you.
Even the IT crowd worked this out 10 years ago, go watch the FriendFace episode, and look how everything has turned out to be exactly like it was portrayed then. Still plenty of morons don't get it.
No more AC...
AC because I like being ironic...
> Is it really news that yet again Facebook has been compromised? They hand out any data they collect like free handjobs from a £10 dollar hooker on a street corner.
Exactly. And to make matters worse - if that's even possible - Facebook's main concern right now seems to be focused on managing the PR around this debacle. How do we make Mark Zuckerberg and Sheryl Sandberg come out smelling like roses from all of this?
On top of this, they have the temerity of claiming that "the bug has been patched".
Really? Facebook doesn't even know about the security holes lurking in their own code. They stumble upon them by happenstance. Not security research, not testing. Just panic reactions after the bug has been out in the wild for ages. That little fact alone tells me everything I need to know about their code reviews and secure coding practices.
26-year-old geniuses. Yeah.
Yo, Zuckerberg. Why won't you hire some greybeards? They'll teach your pimple-faced geniuses - who still enjoy living in a dorm - a thing or two about secure coding practices and hunting down possibly catastrophic bugs.
Ooooh, I almost forgot. You stated publicly that any software engineer over 30 is just dumb.
Yep that's the biggest Fake News of them all. The reality is Zuck & Co can't fix the problems at Facebook. They're not savants, they're just aggressive greedy a$$holes. Deeper insight here:
https://www.bloomberg.com/view/articles/2018-09-18/mark-zuckerberg-profile-reveals-origins-of-facebook-fb-problems
https://www.newyorker.com/magazine/2018/09/17/can-mark-zuckerberg-fix-facebook-before-it-breaks-democracy
https://www.forbes.com/sites/parmyolson/2018/09/26/exclusive-whatsapp-cofounder-brian-acton-gives-the-inside-story-on-deletefacebook-and-why-he-left-850-million-behind
> "Ooooh, I almost forgot. You stated publicly that any software engineer over 30 is just dumb."
That was quite... special. It has some real gems regarding his wisdom about software development. Like hiring coders in every department so they can just change random stuff on the fly: no need for any sort of planning, design, impact assessment, peer review, testing, quality control, security review, or any of that other boring crap that makes the oldies dumb, we're all such geniuses that we can change random shit on a whim with no consequences! *cough*
A bit later on in the article that @ST linked above, is this from PayPal Founder Max Levchin...
As a final word of product development advice, Levchin encouraged founders to think about the Bible’s seven deadly sins – especially greed, sloth, envy, pride and gluttony. These characteristics, he said, describe many of the primal motivations for users.
"We are constantly improving our security and this underscores the fact that there are constant attacks," said CEO Mark Zuckerberg. "We need to keep focusing on this over time."
He said it, but I do not think it means what you think it means. "Constantly improving" would seem to indicate that things are actually going to get better when in reality it means that while they do patch the occasional vulnerability, there are more discovered than will ever be addressed. Saying there is a need to do something doesn't mean that something will get done and it certainly doesn't mean that what gets done will have a meaningful effect.
People love money, Facebook is no different, in fact they love it even more
Money is such a wonderful incentive, it incentivises greedy little shitbags, of which there are many, to do all sorts of immoral shenanigans with little regard for consequences
Whoever invented money literally consigned humans to extinction, and that is no hyperbole
Of course money is important to Facebook. How does Facebook make money? Has anyone here, personally, paid any money to Facebook? They have huge storage, Internet connectivity, management and development overheads... where does the money for this come from?
Any more?
....."even though the numbers were only provided for security reasons rather than ads.".....
____________
And that in one sentence is why 'Acton of WhatsApp fame' bailed... Pretty good inside take on the WhatsApp founders departure below and the rise of Signal as an App. The chilling ruthlessness of Facebook is pretty clear here:
____________
....."When Acton reached Zuckerberg’s office, a Facebook lawyer was present. Acton made clear that the disagreement—Facebook wanted to make money through ads, and he wanted to make it from high-volume users—meant he could get his full allocation of stock. Facebook’s legal team disagreed, saying that WhatsApp had only been exploring monetization initiatives, not “implementing” them. Zuckerberg, for his part, had a simple message: “He was like, This is probably the last time you’ll ever talk to me.”.....
____________
http://www.forbes.com/sites/parmyolson/2018/09/26/exclusive-whatsapp-cofounder-brian-acton-gives-the-inside-story-on-deletefacebook-and-why-he-left-850-million-behind/
Another article explaining the same "Shadow Profile" thing:
https://gizmodo.com/facebook-is-giving-advertisers-access-to-your-shadow-co-1828476051
In case anyone isn't aware (I wasn't), where you might expect FB to allow advertisers to target people by obvious data like location, age, gender and things like "interests", they also allow advertisers to target users by their email address or phone numbers. Which means that advertising can be super-targeted... a clothes shop can target their own customers via FB with advertising in the full knowledge of what they've previously purchased.
And like that isn't bad enough, the information that is used for targeting includes phone numbers that are supposedly only used for two-factor authentication.
Aaand if that isn't bad enough, it can include contact details that they've skimmed from your FB-friends who have allowed FB access to their contacts.
All this stuff is part of a "shadow profile" and they won't tell you about that or let you download it.
This might be obvious to others, but personally, whilst I'd guessed they would build a profile that would place users in broadish categories for interests and perhaps infer a bit more data from that, I didn't know advertisers could target people so specifically. Which is really terrifying when you consider political campaigns.
Makes me sad to read that @PeterX. As it means the message still isn't getting out. What you're quoting is ancient history. It started with friends / family / colleagues phone & email address phonebook uploading 'shadow profiles' ... 'Ugly Truth' memo etc.
That progressed into firms being coerced into uploading their CRM databases to help advertising campaigns. But it was really about Facebook compiling highly accurate metadata from those databases. Much more accurate than data brokers like Experian could provide. That's why Zuck doesn't need them anymore.
But things are far worse now... Facebook and Google have been secretly buying financial transaction history (credit-cards etc) for 2-3 years now, and matching it to offline and online activity. They're also buying up medical and patient records. On the side, insurers are now insisting on IoT feeds from fitness trackers. Who will they trade or sell that data to? The usual suspects! When combined with constant Android location tracking the metadata is immense and this is just the beginning...
Both Facebook and Google are desperate to get into China. They want to use their infrastructure as part of China 2020 Social Credit Score. Then bring that whole dystopian nightmare back to the West. This is the stuff of 1984 meets Blake's 7. It's horrific! And you've just shown that you're stuck in the Matrix and still have little idea what's really going on. Wake up Neo...
Which is really terrifying when you consider political campaigns.
Politics is one thing, but, it is slow and inefficient; How about not bothering with the political process at all, since one could be getting a reasonable solid list of people being homos, left-wing, jewish, female + about town + muslim, not-swedish-enough - and then sending the thicko boys round to sort them out and really explain things to them!?
All it takes, for anyone today, to run one's own private morality police service is: A FB business account, a little money, some nutters who like violence and some targeted advertising.
That's why I'll never use any service that requires my phone number to be registered or login.... and of course also because I don't want to give them an almost perfect unique identifier.
Unluckily, I can't kill the friends who let their phonebooks be slurped.
What do the many people here who defended the practice of asking your phone number think now?
I still have an old Nokia 6310i (a lovely phone) that I've fitted with a PAYG sim card with £10 on it. I intend to use that phone if I ever have to set up 2FA by text for anything and it will only ever be turned on for that purpose.
(Also it has to be turned on at least every six months to make a call to my landline to keep the SIM card active. I don't have to pick up the landline for that to work. That's a calendar event with an alert to remind me every four months.)
I intend to use that phone if I ever have to set up 2FA by text for anything and it will only ever be turned on for that purpose.
I already have a throwaway Android phone used for that and it is only switched on when I need to use 2FA, cost €2 a month. The phone can also be used as an emergency phone if necessary.
Earlier this week, it emerged Facebook was using people's cellphone numbers, provided for two-factor authentication, to target them with adverts, even though the numbers were only provided for security reasons rather than ads.
If this is true, it sounds like a massive GDPR violation to me, although I'm no lawyer, so I could be wrong.
If it is a violation, I'm hoping some folks in Europe manage to get a big GDPR case going against FB. Four percent of their global turnover would amount to quite a bill! And they so richly deserve every penny of it.
Icon 'cause FB (and just about every other big corporation) have about the same scruples as Blackbeard. If only there were some sort of regulation of these rapacious corporations here in America!
If only there were some sort of regulation of these rapacious corporations here in America!
Both the State of California and the United States Congress are working on legislation that implements GDPR-like privacy protections for U.S. citizens. The current thinking is that the tough California legislation (which passed and will go into effect in 2020) will be superseded by toothless federal legislation that is bought and paid for by your friendly, neighborhood Google and Facebook.
It's hard to argue against that because Govt is fundamentally divided in their loyalties. Right now they're looking at China 2020 'Social-Credit-Score' and thinking... Wow - that looks useful...
Have an activist / protestor / human-rights reporter in your family or circle of friends? Your score suffers. You can't take a flight, get into university, get a job, get a date. That's population control. Embarrassing public officials or calling out corruption?
Never again! Meanwhile in the west Facebook & Google are buying up everything, including medical / patient / health and banking & credit-card transactions... And Insurers are now insisting on IoT live-feeds. See where this is all going???
I think GDPR is one of the reasons, if not the main one, why this has been published quickly enough... but a breach is not automatically a GDPR violation that brings a massive fine. Still, if an investigation discovers behaviours that violated it, then fines could come...
What in the world are people putting up on Facebook that is so important?? "Oh, a bot came by and made a copy of my Facebook info." Hello, it's a service for the technically inept to fill with garbage. "Me am got computer, haz keyboard, make typing."
Privacy != Facebook. If something is private, then you are supposed to keep it off of a public service. "Private" means "this data has been generated in hardware, and cannot be extracted even by de-lidding the chip."
As I understand it, it may not be just bots. Several friends have complained that there's fake accounts for them that look exactly like the page they made. Complaining to FB just gets them being forced to send in "official" ID and a demand for more personal info. The paranoid in some of us has to wonder if this is a random crim or FB is doing it to collect more data.
Facepalm! The stolen tokens also allow attackers access to 3rd-Party accounts (see below). So there's a major security issue here alongside all the privacy aspects. Some users will have leaked posts or embarrassing or compromising pics etc that were hidden, but can now be used for full-on extortion.
So this is a huge issue, far bigger than the political interference angle of Cambridge-Analytica/Palantir etc. And you've just shown you're part of the whole problem because you don't get it, or are just underestimating it... Anyone in your circle you've given advice to, seriously needs to do their own research!
----------
"Facebook has confirmed to reporters that the breach would allow hackers to log in to other accounts that use Facebook's system, of which there are many. This means other major sites, such as AirBnB and Tinder, may also be affected."
----------
https://www.bbc.co.uk/news/technology-45686890
How does this interact with 2FA? Is that still secure, if it's turned on?
Presumably any attempt to actually *use* these access tokens would generate a 'new login from unknown device' warning from FB? I certainly always see that when I try to login from a device I haven't used before. Is that warning a default, or something you have to set up when you configure security? I can't recall.
how many times must it be said that you don't put anything on the internet you don't want to be public. forget privacy settings, just assume everything is there for the world and his wife to read.
and in the case of facebook in particular, with all the shit flinging done about it, you must have been living under a penis shaped rock on Mars for the last 2 years if you were not aware that all your supposed private information was public, add to that the fact that mankind does not currently have the technology to put man beyond low earth orbit, there is no excuse for not being aware that Facebook security is a joke.
simple. Just assume every bit of information you put on the internet is public.
"In effect, every single Facebook user account was wide open to being hacked, although the Silicon Valley goliath estimated that "only" 50 million accounts were, in the words of a spokesperson, "directly affected.""
What’s that, the ‘pull numbers out of a hat’ school of security breach PR?
I’d take bets that in a couple of weeks they’ll take a leaf out of Yahoo’s book and mysteriously ‘discover’ the problem is much much bigger than stated, neatly bypassing the GDPR rules on disclosing breaches promptly and avoiding the shareholder upsetting fines. They can round it off by pointing the finger at the fiendish Norks and telling us all they take the security of user data very seriously.
Using the vuln to delete accounts or data rather than just slurping would have done more damage. All the culprits managed to achieve is wipe a few pennies off the share value and given the FB legal team more job security. FB still has the data of these 50m users (which will probably pay any losses incurred and still make a profit) and has now closed the vuln.
50m is only 0.0022421524663677% of 2.23bn so maybe a more parallel attack and process the profile id number in random order next time to delay the detection!
Let the dawn of API injection vulns commence!
WRONG.
"50m is only 0.0022421524663677% of 2.23bn so [...]"
5.7e7/2.23e9 = 0.02242152466367713
0.02242152466367713 = 2.242152466367713%
And the detection wasn't based on sequential accesses; we don't know in what order, if any, the accounts were accessed. The thing that tipped them off was the quantity of accesses, so the perpetrators could have gotten more data by slowing it down, potentially evading facebook security forever.
Also, the people didn't break in with the intention of taking facebook down. They wanted the data, and they got it. We don't yet know what they're going to do with it, but the results were intended to be and will be problematic for the users, not facebook.
To my shame, I have a FB account. I haven't used it for ages and haven't agreed to the new terms post GDPR, so it's sort of dormant.
What I'd like to do is delete my FB account but first have FB give me ALL the info they have on me. I've never given them my mobile number but suspect they have it. FB is almost certain to have more info about me than shows on my account which I can delete (deletefacebook).
Is there somewhere that details how to go about getting FB to tell me everything they hold on me? I know it would be pretty much impossible to know they have complied but I would at least like to try.
This is my shame. I did this some years ago and discovered that my phone contacts had been uploaded to Faecebook. I apologised to all my contacts and closed the account. Too late though.
So it's worth knowing that whilst you may avoid faecebook you can still be shat on and let down by any so called friends that still have an account and feed the depraved animal.
Lucky that I only know one die-hard user who is still defiantly fucking the rest of us over. It's easy to get rid of faecebook and you won't miss it. There is always a much better way to do whatever you think you need it for if you are not a lazy-arsed bastard.
Spasticus,
Deleting FB account is not as easy as you think. Just as deleting a file is really just de-listing it from the directory it's the same with FB. Then when you finally want to scrub it off their system they are suddenly unsure it's really you and need you to register your phone and other methods of ID.
That feature could've been intentional for TLA's so agents can access anybody's private account, even if said agents were deployed overseas.
If not for TLA's and secret agencies, then maybe that feature was given to big corps who wanted some private data of FB users.
Just patched by FB when that Taiwanese guy claimed he would delete the FB account of Zuckerberg in a live stream.
That's why it's not good to put backdoors, as claimed by most tech gurus, be it hardware or software because sooner or later someone will discover those backdoors. Ok, as usual, just claim it was a bug and not an intentional feature.
Upvoted.
I don't see those share buttons thanks to uBlock Origin but this also has the detrimental effect of denying El Reg ad revenue.
I'd happily pay to read if you'd let me El Reg.
You could leave an ad supported non subscribed option to keep the scummy ad revenue.
I'm not on FB (no surprise there)
But difficult to stop others, who are on there, posting information about you (including images), sharing their contacts and so publishing your phone number.
Fortunately SO is also not on FB, so has number of my second SIM, that I don't make available to general data spilling friends.
Does not stop my "main" number getting owned by FB, but does mean I have a "private" number.
Biggest irony is that (ex directory) landline number is private as everyone we know only has mobile number, nobody asks for (or is given) landline (bar "need to know" people such as bank, solicitor)
I can hear the chanting in the background ... GDPR FINE ... GDPR FINE and the EU bureaucrats lining up to spend the billions !
GDPR been waiting for the first of the big boys to royally screw up, now time for the 2-4% annual global turnover, even the mighty Zuck who knows nothing and sees the world through his rose tinted FB VR goggles, must be crapping his pants !
....dislike Facebook itself. It's a system, it's useful for some people (family members keeping in touch with people across the world) and from a programming point of view having done a little years ago and being shit, it amazes me how complex these systems get, but I choose not to use it in the normal sense of use it.
I used to use Friends Reunited before Facebook became so big. I hated how people from school on there were the same knobs they were in school. I also hated how narcissistic it seemed to make people. Have avoided it ever since. I now only use it when a site insists the only way you can login with them or post comments is via a Facebook account so then a dummy one gets created & used.
I understand they should be keeping everyone's data private etc. but the service is free, people choose to use it. I bet loads of the users that currently use it would stop if it suddenly introduced a subscription model. But I guess all users do have a right to moan when Facebook is only worth what it's worth because of all its users, free or not.
I'm surprised Zuckerberg is still even there. With all that money I'd just get out while you still can before it all comes crashing down like MySpace. And I just couldn't be arsed with the aggro. But then that's probably also why I'd never succeed in business.
"I'm surprised Zuckerberg is still even there. With all that money I'd just get out while you still can before it all comes crashing down like MySpace. And I just couldn't be arsed with the aggro. But then that's probably also why I'd never succeed in business.
"
Exactly. You've gotta be a bit power hungry to want to keep doing that work.
I think the current big boys are arranging legislation to prevent upstarts and so they can carry on with impunity no matter how crap they become.
I thought Zuck was a proper nerd who would be bored by all the business stuff and would sell out. But then Bill Gates was a proper nerd and he stayed for decades.
It's easy to ascribe power hunger but I don't know either got into IT for that purpose. Perhaps they both share the same sense of genuinely caring and thinking what their companies do is important. Gates always seemed pretty passionate.
Facebook spotted the hole after it noted a suspicious "spike" in user activity on Tuesday. The attack was "fairly large scale," it admitted, and when it investigated the cause, it discovered hackers were using the site's API to automate the process of grabbing users' profile information.
I'm sure many of us have had, on a much smaller scale, an "oh crap" moment (formatting the wrong drive, etc, etc). But the process from seeing that spike to figuring out what is happening must involve a pretty substantial sinking feeling!
I was one of the "lucky" few who had their accounts hacked. I took a look in the "Logins and Logouts" section of the Activity Log (which is buried about 6 clicks deep) and spotted that there had been lots of logOUTs from China, Addis Ababa, Russia, Vietnam, etc. since June and possibly earlier (no data before the end of May because, GDPR). No logins from these locations at all, so I received no warnings - presumably Facebook only checks for suspicious logins (and warns if the appropriate setting is enabled) and ignores logouts altogether, so I was none the wiser.
Has anyone else spotted the same pattern in their Facebook login/logout history? Curious to know if anyone else had this activity prior to July.
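The pattern reported in the comment above (logouts from places that never produced a login, so no login alert fired) is something a service or a user can check for by comparing logouts against recorded logins. This is an added example, not part of the thread and not Facebook's code; the event fields, session ids and sample data are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed session events. Field names and values are assumptions for this
# example and do not reproduce Facebook's Activity Log format.
SAMPLE_EVENTS = [
    {"ts": "2018-06-01T08:00:00", "user": "alice", "session": "s1", "type": "login", "country": "GB"},
    {"ts": "2018-06-01T18:30:00", "user": "alice", "session": "s1", "type": "logout", "country": "GB"},
    # Logout for a session that never had a login, from a country never logged in from.
    {"ts": "2018-06-14T03:12:00", "user": "alice", "session": "s7", "type": "logout", "country": "VN"},
    # Session opened in GB but ended from another country.
    {"ts": "2018-06-20T07:45:00", "user": "alice", "session": "s2", "type": "login", "country": "GB"},
    {"ts": "2018-06-20T09:02:00", "user": "alice", "session": "s2", "type": "logout", "country": "RU"},
    # Ordinary travel: login and logout both abroad, nothing to flag.
    {"ts": "2018-06-22T10:00:00", "user": "bob", "session": "s3", "type": "login", "country": "FR"},
    {"ts": "2018-06-22T11:00:00", "user": "bob", "session": "s3", "type": "logout", "country": "FR"},
]


def find_unmatched_logouts(events):
    """Return logout events that cannot be explained by an earlier login.

    A logout is flagged when its session id never appeared in a login for that
    user, or when it comes from a country the user has not logged in from.
    Alerting that only inspects login events would miss both cases.
    """
    login_sessions = defaultdict(set)   # user -> session ids opened by a login
    login_countries = defaultdict(set)  # user -> countries seen in login events
    flagged = []

    # Process in time order so a logout is only compared with earlier logins.
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["ts"])):
        user = ev["user"]
        if ev["type"] == "login":
            login_sessions[user].add(ev["session"])
            login_countries[user].add(ev["country"])
        elif ev["type"] == "logout":
            reasons = []
            if ev["session"] not in login_sessions[user]:
                reasons.append("no_login_for_session")
            if ev["country"] not in login_countries[user]:
                reasons.append("country_never_logged_in")
            if reasons:
                flagged.append({
                    "user": user,
                    "session": ev["session"],
                    "country": ev["country"],
                    "ts": ev["ts"],
                    "reasons": reasons,
                })
    return flagged


if __name__ == "__main__":
    for hit in find_unmatched_logouts(SAMPLE_EVENTS):
        print(hit["ts"], hit["user"], hit["session"], hit["country"], ",".join(hit["reasons"]))
```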