ACSC warns of phishing danger after Facebook breach
- 02 October, 2018 09:04
The head of the Australian Cyber Security Centre (ACSC), Alastair MacGibbon, has warned people to be wary of possible phishing attacks in the wake of a Facebook security breach.
“Australians should keep a look out for any unusual activity from friends or family on their Facebook accounts,” MacGibbon said.
“This is a timely reminder for Australians to be constantly wary of criminals seeking to exploit their personal information online.”
Facebook late last week revealed that some 50 million accounts were affected by an attack that leveraged a vulnerability in the social network’s ‘View As’ feature.
In the wake of the attack Facebook said it reset the access tokens of some 90 million accounts, forcing them to log back in to the service.
“This attack exploited the complex interaction of multiple issues in our code. It stemmed from a change we made to our video uploading feature in July 2017, which impacted ‘View As’,” Facebook’s vice-president of product management, Guy Rosen, wrote in a statement.
“The attackers not only needed to find this vulnerability and use it to get an access token, they then had to pivot from that account to others to steal more tokens.”
Facebook said it had fixed the vulnerability and been in contact with law enforcement agencies.
In a statement the Office of the Australian Information Commissioner (OAIC) said it had “been advised by Facebook of an incident involving the security of Facebook accounts.”
“The OAIC is making inquiries with Facebook about the facts, including the number of Australians who may have been impacted by the incident. The OAIC is also in contact with the Australian Cyber Security Centre about the incident.”
The ACSC said it was “working closely with the Privacy Commissioner to establish if Facebook has violated any terms in the Privacy Act 1988.”