Is WhatsApp the new Coronavirus of Facebook?


Health officials and government authorities are trying their best to inform the public about safety precautions amid the Coronavirus epidemic. But these initiatives by governments and medical experts are constantly being undermined by one of the largest social media messaging platforms, which is steadily spreading misinformation and fake remedies about the Coronavirus. Facebook-owned messaging platform WhatsApp has received harsh criticism over its handling of the situation because of the fake news and misinformation spread through it about the epidemic, which has caused more than 8000 deaths and affected more than 2,00,000 people across the globe.


WhatsApp users send messages that, most of the time, are inaccurate and lack any legitimacy, say medical experts. The problem has become so troublesome that global health organizations and world leaders have asked people to stop forwarding and sharing unverified claims about the Coronavirus and its cures on WhatsApp. Irish president Leo Varadkar asked people on Twitter to avoid sharing unverified news in WhatsApp groups. According to him, the WhatsApp messages are frightening and ambiguous. People should only trust official information from health and government sources, he says.

The misinformation shared on WhatsApp mostly comes from messages forwarded by a friend of a friend or by a supposed doctor. Not all messages are incorrect; advice to wash your hands to stay safe, for instance, is sound. One of the most circulated false claims on WhatsApp is 'drinking warm water every 15 minutes will prevent you from Coronavirus.' Because WhatsApp messages are end-to-end encrypted, health officials and governments can't trace the source of misinformation. Even WhatsApp can't trace the source of messages.

"It is clear ... that a lot of false information continues to appear in the public sphere. In particular, we need to understand better the risks related to communication on end-to-end encryption services," said Vice President Věra Jourová, European Commission, on Tuesday. He also surveys the alliance's work to stop misinformation. "There are over a dozen [local fact checkers] so far, and we want more to be able to do their important work so rumors are identified and countered," said Will Cathcart, the head of WhatsApp, on Wednesday in a tweet.

2 New Android Malwares on The Hunt to Gain Control of User’s Account



According to a security software vendor, two new Android malware strains are working to 'discreetly' take control of victims' accounts in order to send ill-intentioned content. Together, the two steal cookies collected by the browser and by the apps of popular social networking sites, making the thieves' job easier.

Cookies are often seen as harmless: they are small pieces of data that websites collect to track user activity and create customized settings for later visits. In the wrong hands, however, they are a serious security hazard. When websites store these cookies, they use a unique session ID that identifies the user later on without requiring them to enter a password or log in again.

Once in possession of a user's session ID, swindlers can trick a website into believing that they are the person in question and so take control of that person's account. That is exactly what these cookie thieves did, as described by computer security software major Kaspersky, by creating Trojans with similar code controlled by the same command and control (C&C) server.

The first Trojan obtains root rights on the victim's device, which allows the thieves to transfer Facebook's cookies to their own servers. In many cases, however, just having the ID number isn't sufficient to take control of another person's account. Some sites have safety measures in place that block suspicious log-in attempts.

This is where the second Trojan comes in. This malicious application can run a proxy server on a victim's device to sidestep the security measures, obtaining access without raising any suspicion. From that point onwards, the thieves can act as the 'person in question' and take control of their social media accounts to circulate undesirable content. While the ultimate aim of the cookie thieves remains unclear, a page found on the same C&C server could provide a clue: the page promotes services for distributing spam on social networks and messengers.

In simpler words, the thieves might be seeking account access as a way to launch widespread spam and phishing attacks.

Malware analyst Igor Golovin says, "By combining two attacks, the cookie thieves have discovered a way to gain control over their victims' account without arising suspicions. While this is a relatively new threat -- so far, only about 1,000 individuals have been targeted -- that number is growing and will most likely continue to do so, particularly since it's so hard for websites to detect."

He adds later, "Even though we typically don't pay attention to cookies when we're surfing the web, they're still another means of processing our personal information, and anytime data about us is collected online, we need to pay attention."

According to Kaspersky experts, all hope isn't lost; they made certain recommendations that can help users avoid becoming victims of cookie theft:
  1. Block third-party cookie access on your phone's web browser and only let your data be saved until you quit the browser
  2. Periodically clear your cookies
  3. Use a reliable security solution that includes a private browsing feature, which prevents websites from collecting information about your activity online.
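
The server-side checks described above, as an added example (not code from Kaspersky or from the original post): comparing a request's network with the login network catches a cookie replayed from elsewhere but not one relayed through a proxy on the victim's own device, while rotating the session token on every request and revoking the session when a retired token reappears catches both. The `SessionStore` class, the /24 comparison and the addresses are assumptions made for this illustration.

```python
import ipaddress
import secrets


def same_network(ip_a, ip_b, prefix=24):
    """True when both IPv4 addresses fall in the same /prefix network."""
    net = ipaddress.ip_network(f"{ip_a}/{prefix}", strict=False)
    return ipaddress.ip_address(ip_b) in net


class SessionStore:
    """Hypothetical session store: network check plus token rotation."""

    def __init__(self):
        self.current = {}   # live token -> session id
        self.retired = {}   # rotated-out token -> session id
        self.sessions = {}  # session id -> {"user", "login_ip"}

    def login(self, user, ip):
        sid = secrets.token_hex(8)
        token = secrets.token_urlsafe(32)
        self.sessions[sid] = {"user": user, "login_ip": ip}
        self.current[token] = sid
        return token

    def _revoke(self, sid):
        # Drop the session and every token, live or retired, that maps to it.
        self.sessions.pop(sid, None)
        for table in (self.current, self.retired):
            for tok in [t for t, s in table.items() if s == sid]:
                del table[tok]

    def request(self, token, ip):
        """Return (verdict, replacement_token)."""
        # A retired token showing up again means two clients share one
        # session: the hallmark of a copied cookie. Kill the whole session.
        if token in self.retired:
            self._revoke(self.retired[token])
            return "revoked", None
        sid = self.current.get(token)
        if sid is None:
            return "deny", None
        # Classic "suspicious log-in" check: request network vs login network.
        if not same_network(self.sessions[sid]["login_ip"], ip):
            return "challenge", None
        # Rotate: the presented token is retired and a fresh one is issued.
        del self.current[token]
        self.retired[token] = sid
        fresh = secrets.token_urlsafe(32)
        self.current[fresh] = sid
        return "allow", fresh


def simulate():
    """Constructed scenario; addresses come from documentation ranges."""
    store = SessionStore()
    victim_ip, other_ip = "203.0.113.10", "198.51.100.7"
    cookie = store.login("alice", victim_ip)  # value the Trojan would copy
    results = {}
    # Copied cookie presented from an unrelated network: network check fires.
    results["replay_from_other_network"], _ = store.request(cookie, other_ip)
    # Copied cookie relayed through the victim's device: same address, so
    # the network check sees nothing unusual and the token is rotated.
    results["replay_via_victim_device"], relayed = store.request(cookie, victim_ip)
    # The victim's own app still holds the now-retired token.
    results["victim_next_request"], _ = store.request(cookie, victim_ip)
    # The rotated token from the relayed request died with the session.
    results["token_after_revoke"], _ = store.request(relayed, victim_ip)
    return results


if __name__ == "__main__":
    for step, verdict in simulate().items():
        print(f"{step}: {verdict}")
```

A production deployment would need a short grace window for requests already in flight when the token rotates, which this sketch leaves out.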

A vulnerability that Allows Hackers to Hijack Facebook Accounts


A cybersecurity expert recently found a vulnerability in Facebook's "Login with Facebook" feature. According to the expert, the vulnerability allows hackers to steal the "Access Token" and hijack the victim's FB account. FB uses OAuth 2.0 as the authorization protocol that exchanges FB tokens and grants third parties access permission. Readers can find more information about OAuth 2.0 on the internet.

The vulnerability exists in the "Login with Facebook" option and lets hackers set up a phony website, which they use for exchanging Access Tokens for other applications, including Spotify, Netflix, Instagram, Tinder, Oculus, etc., in addition to the hijacked FB profiles. Once a hacker succeeds in hijacking the targeted FB accounts using the Access Tokens, they have access to personal data including private messages, photos, videos, and also the account setup credentials.

According to Amol Baikar, the Indian cybersecurity expert who found this vulnerability, the FB flaw allows hackers to exploit user accounts on services including Tinder, FB, Oculus, Spotify, Instagram, Netflix, etc. Along with this account hijack, the hacker can also get third-party access to the mentioned apps via the "Login with Facebook" option. Facebook first received the vulnerability report in December 2019 and immediately issued a security fix. The company also announced a $55,000 bounty for the person who found it, paid through its Bug Bounty Program. This is said to be the biggest bounty ever issued for a client-side hack vulnerability found on Facebook.

Cybersecurity organization GBHackers have made the following observations regarding Facebook vulnerability: 

  1. All Fb apps and 3rd party apps login credentials (Access Token) could be exposed within a few seconds, at the same time. 
  2. The vulnerability allows the hacker to take over the Facebook account of the user. Moreover, the hacker can read, write, edit, and delete your data. 
  3. The hacker also has the option to modify your privacy settings in the FB account. 
  4. If a user visits the malicious website set up by the hackers, he/she can lose their 1st party Access Tokens. 
  5. The stolen 1st party Access Tokens never lapse. 
  6. The attacker has control over the hijacked Facebook account even after the user changes the login credentials.

Facebook Sues Data Analytics Firm for Improperly Harvesting User Data


On Thursday, Facebook filed a federal lawsuit in a California court against OneAudience, a New Jersey-based marketing firm mainly involved in data analytics. The social media giant claimed that the firm was paying app developers to secretly harvest its users' data by getting a malicious SDK installed in their apps. The SDK was planted in various gaming, shopping, and utility-type applications available to download from the Google Play Store, as per the court documents.

A software development kit, also known as an SDK, is a downloadable collection of software development tools used for developing applications. It consists of the basic tools a developer would require to build a platform-specific app with ease. In other words, an SDK basically enables the programming of mobile applications. However, these packages have their drawbacks too: they can also contain tools like trackers, which collect information about devices and app usage and send it back to the SDK maker.

Facebook alleged in the lawsuit that OneAudience has blatantly misused the feature "login with Facebook" to acquire unauthorized access to sensitive user data without any permissions. OneAudience has also been accused of paying apps to gain access to users' Twitter and Google data when they log into the infected apps using their account info.

"With respect to Facebook, OneAudience used the malicious SDK – without authorization from Facebook – to access and obtain a user's name, email address, locale (i.e. the country that the user logged in from), time zone, Facebook ID, and, in limited instances, gender," Facebook remarked.

Earlier, in November 2019, social media giants Twitter and Facebook said that OneAudience had collected private user information. The incident left hundreds of users affected, as their privacy was compromised when OneAudience illegally collected their names, email addresses, usernames, genders and latest posts through the SDK.

While commenting on the matter, Jessica Romero, Director of Platform Enforcement and Litigation, said "Facebook's measures included disabling apps, sending the company a cease and desist letter, and requesting their participation in an audit, as required by our policies. OneAudience declined to cooperate."

"This is the latest in our efforts to protect people and increase accountability of those who abuse the technology industry and users," she further added.

Beware of Fake Videos on Facebook and WhatsApp!


Beware, people who have blind faith in the internet and tend to believe almost anything they come across online: a new medium for the fearless dissemination of misinformation has surfaced.

Fake news and modified pictures have been wreaking havoc on social media and in people's real lives for quite a long time now, leading to serious after-effects and reactions. Mob lynching, hate speech and violent masses are a few of the many consequences of such news and pictures.

At a time when the country was just getting used to fighting fake news and misinformation, a leading player joined the race, which goes by the name of “deepfake”.

Deepfake videos employ artificial intelligence to alter videos in such a way that the fakes seem real to viewers. These videos are crafted with such skill that it becomes difficult for people to identify any possible flaws.

These videos are so deceptive that an ordinary person viewing them can't recognize whether anything is wrong with them, let alone what.

The concept of morphed images is no longer new, and hence people started to rely more on videos. But with deepfake, altering videos is possible too. In fact, the operator could even manipulate the actions and what is being said in the video.


Like every other fad that social media and its users accept with open arms, deepfake videos have a strong probability of causing significant trouble on platforms like WhatsApp and Facebook, to name a few.

Another issue with these videos is the resolution they are available in. Most videos found on Facebook or WhatsApp are of quite low quality, and hence it becomes all the more challenging to identify that they are bogus.

These days, political and other speeches by influential personalities are circulated generously across all of social media. With threats like deepfake videos, ordinary speeches could be distorted to inflame the masses.

Sources mention that genuine-looking fake porn videos could also be circulated online via deepfake. In particular, porn clips recorded through spy cameras can be effortlessly manipulated into any sort of personal or professional hazard.

The extremely effective notion of targeted advertising refers to placing information according to the needs of the audience. Deepfake videos open new avenues for negative targeted advertising and for people who want to create unrest in otherwise peaceful situations.

These videos are exceptionally dangerous because, along with being hard to recognize as fake, they can also incite people for a cause that may not even exist.


Alert! The Days of WhatsApp Are Gone? Stronger Competitor In The Market!


There is joy all around for the social media fanatics who had gotten quite bored of WhatsApp being their only source of incessant chatting, and for those who felt unsafe because of the recent spyware that hit the beloved social media chat application.

The word going around is that a recently surfaced social media chat application could give strong competition to the Facebook-owned service.

Users were already quite disconcerted about the recent cyber threat that hit WhatsApp and were in desperate need of a substitute to satisfy their daily social cravings.

The celebrated application goes by the name of “Signal”. Its unique characteristic is its keen focus on the privacy of the users.

Per sources, Signal plans to move towards the big market and go “main-stream”, owing to the substantial monetary support it received from WhatsApp’s co-founder.

The financial backing is meant to help “Signal” get better features and attract the attention of people who are done with using WhatsApp and want other options, for whatever reasons.

Reports mention that the launcher of ‘Signal’ had continually been working on giving everyone access to encrypted communications without much fuss.

Now it is finally time for Signal to enter the world it was originally created for. It is a revolutionary effort at forming a more secure cyberspace for people.

With key agendas like privacy and cyber-security being the central constituents of Signal, the application is sure to win a lot of hearts.

In recent times WhatsApp has been in the news because of the alleged cyber threats, like spyware, to which it has been leaving its users open. Because of this, people’s trust in it has been withering gradually.

Per valid sources, Signal is special because it is end-to-end encrypted. Its servers do not store any sort of “conversation metadata”. This was quite a hefty task for the developers to work their way around. They also had to work on enabling “group administration” to let people add and remove members without the servers’ knowledge. But they did it.

Hence, at a time like this, Signal is a very welcome blessing for social media fanatics who have become so used to social applications that they can’t imagine their lives without them.

Facebook Data Breach: API Security Risks


In the year 2018 Facebook disclosed a massive data breach due to which the company had to face a lawsuit along with allegations of not properly securing its user data. The breach directly affected the authentication tokens of nearly 30 million of its users which led to the filing of several class-action complaints in a San Francisco appeals court. In the wake of the incident, Facebook pledged to strengthen its security.

A feature known as "View As", which was employed by developers to render user pages, was exploited by hackers to get access to user tokens. The theft of these tokens points to a major API security risk, and it also indicates how API risks can go unnoticed for a long time. Digital transformation has further pushed the adoption of continuous integration and continuous delivery (CI/CD), which are closely related concepts that are sometimes used interchangeably. The main purpose of continuous delivery is to ensure that deploying new code takes the least possible effort. It enables DevOps teams to maintain a constant flow of software updates, speeding up release cycles and reducing the risks related to development.

Conventionally, developers worked on the parts of an application one at a time and then manually merged the code. The process was isolated and time-consuming, and it led to duplicated effort. However, as the IT ecosystem went on embracing the new CI/CD model, which sped up development while ensuring early detection of bugs, almost all security has been commercialized by major infrastructure providers, namely Microsoft and Amazon. The commodities offered include authorization, container protection and encryption of data. Similarly, security components of first-generation firewalls and gateways, like protection against distributed denial-of-service (DDoS) attacks, also form part of the infrastructure.

When it comes to navigating and communicating, especially through an unfamiliar space, APIs are a powerful tool with great flexibility in their framework. However, the same qualities also make APIs vulnerable.

While giving insights into the major IT risk posed by APIs, Terry Ray, chief security officer for Imperva, said, "APIs represent a mushrooming security risk because they expose multiple avenues for hackers to try to access a company's data."

"To close the door on security risks and protect their customers, companies need to treat APIs with the same level of protection that they provide for their business-critical web applications."

The API threat is basically rooted in a lack of visibility. Putting the risk into perspective, Subra Kumaraswamy, the former head of product security at Apigee, an API security vendor owned by Google, said: "When you have visibility into your APIs throughout your organization, you can then put controls in place."

"You might decide that a certain API should only be exposed to in-house developers, not external, third-party ones. If you don't have visibility, you can't see who is accessing what."

While labeling authorization and improper asset management as areas of key concern, Yalon said, “Authorization mechanisms are complex because they are not implemented in one place, but in many different components like configuration files, code, and API gateways."

“Even though this sometimes may look like simple housekeeping, having a very clear understanding of the APIs, with well-maintained inventory, and documentation (we whole-heartedly recommend Open API Specification) is very critical in the world of APIs,” he further said.

Facebook and Google- The Kingpins Who Generated Millions of Ad Revenue This Year!


This fiscal year has been quite a success for all the social media platforms in terms of online digital advertising revenue generation.

Digital advertising revenue is the income that businesses earn by displaying paid advertisements on their social media platforms or websites.

Per sources, Facebook and Google rose big time on the online revenue charts of the year 2018-2019. Facebook gathered 2,233 and as compared to the Rs. 6389 crore of the last fiscal year, Google landed itself a sum of Rs. 9,203 crore in ad revenue.

According to reports the social media giant’s ad revenue partly builds up of the advertisement that Indians “spend” on trendy social applications like Messenger, Instagram, and other third-party affiliations and applications.

Per sources, over 4.39 billion people use the internet all over the world today. Digital advertising hence, is more than a fitting alternative for the online world. The field is growing at a flying rate. According to a major report, the expenditure of ads is likely to multiply exponentially in a couple of years.

Reports also say that Facebook and Google collectively have a share of 68 percent in India’s online advertising sphere. They also plan on expanding it, given the compelling competition from Amazon and other similar entities.

The Indian division of Facebook, Facebook Indian Online Service Pvt. Ltd., cites that it gives the ad inventory amount back to the main company, which adds somewhere up to Rs.1,960 crore in the latest fiscal year. The amount that contributed to the net revenue of this Indian division was Rs. 263 crore.

Per sources, Facebook’s revenue from online ad ventures had an overall rise of 71 percent this “year-on-year”, only to reach a glorious Rs. 892 crore in this fiscal year.

This made the profit for the social media colossus rise by 84 percent, to Rs. 105 crore, the reports mentioned.

Google India Pvt., on the other hand, reported Rs. 1,097 crore as its “net sales” from online advertisements, as per the reports.

The overall revenue for the search engine giant totaled Rs. 4,147 crore, which was half of what it earned in the previous fiscal year. Nevertheless, its profit rose 16 percent to Rs. 473 crore, sources indicated.

Deputy of the State Duma of the Russian Federation: it is necessary at the legislative level to protect the data of Russians on Facebook


Andrey Alshevskikh, the State Duma Deputy, said that the threat to the personal data of Russian users of the social network Facebook is real. The Deputy notes that it is necessary to take appropriate security measures at the legislative level.

The day before, it became known that the hacker group OurMine had hacked two official Facebook accounts on Twitter. On the night of February 8, a message appeared on these pages stating that Facebook was vulnerable to hacker attacks. It also pointed to the weakness of Twitter's security system.

"As for Facebook, this is not the first case and, something tells me, not the last. It is necessary to deal with such cases in detail and take concrete steps at the legislative level, make amendments to existing laws, and adopt new ones to protect the data of Russian citizens," said the Deputy.

Alshevskikh recalled that the threat to the personal data of Russians who use Facebook had been mentioned repeatedly. A law was therefore adopted requiring that the personal data of citizens of the Russian Federation be stored in Russia; however, some companies do not want to comply with it.

"We need to force Facebook to comply with Russian law," said Alshevskikh. Recall that Roskomnadzor earlier started administrative proceedings against Facebook and Twitter, which did not provide a localization report by the required time. Refusal to localize carries, under Russian law, a multimillion-ruble fine. For a first violation, legal entities may be charged up to 6 million rubles ($94,000); for a second violation, from 6 to 18 million rubles ($94,000-$282,000). Court hearings have already been scheduled and will take place on February 13 in a Moscow court.

Earlier, CEO of a detective agency and speaker on cyberattacks Vladimir Golovin recommended that those who are concerned about the safety of their personal data stop using Facebook.

CEO of a detective agency and speaker on cyber attacks: users should understand that Facebook is leaking their data


Numerous Facebook leaks in 2013 and 2016 put users in a position where they are not responsible for their security. This opinion was expressed by the General Director of the detective agency and speaker on cyber attacks Vladimir Golovin.

The cybersecurity team at Check Point Research found that, in the last quarter of 2019, Internet attacks aimed at obtaining users' personal data were most often carried out via Facebook. A social network is not able to protect its customers from online fraud.

Experts described the fraud scheme known as "phishing", which consists of the theft of a username, password and other personal data. Hackers operate through social networks or other platforms where people leave information about themselves. As a result, it turned out that Facebook has become the leader among platforms that are hacked by scammers. Second place is occupied by the Yahoo service, and in third place is Netflix.

According to Golovin, when users leave their data somewhere, only 50% of their security depends on them.

"If you want to give your personal data, then use Facebook. If not, you don't need to use it at all," said the speaker.

According to him, today people have the wrong attitude to personal data, so it is worth starting the fight with this. Many people do not understand the danger they face when leaving personal information on unverified sources.

Golovin notes that Facebook continues to do the same, leaking user information.
"Therefore, in the field of information security and data storage, all these are political games," he concluded.

It is worth noting that, in addition to the constant leak of personal information, foreign sites continue to brazenly violate Russian laws by refusing to transfer servers with Russian data to the territory of the Russian Federation. Ruslan Ostashko, editor-in-chief of the online publication Politrussia, said that it is necessary to register the possibility of blocking the activities of Facebook and Twitter at the legislative level.

Clause Addition to the IT Act; Social Media Companies Now Responsible For All Nonuser Generated Content


In a change in line with those in the US and Europe, the Indian government has recently added a clause to the proposed IT intermediary guidelines, making social media companies responsible for all nonuser-produced content, including sponsored content, distributed on their platforms.

The change is expected to impact some extremely popular social media platforms, like Twitter, TikTok, YouTube, Instagram as well as Facebook. 

When the amended guidelines are made public, social media organizations will be required to appropriately tag and identify all sponsored content published on their platforms. The draft standards, which are 'under consideration' of the law ministry, are expected to be notified in a few weeks, according to a senior government official: “We have had a few rounds of discussions with the law ministry. These guidelines should be notified by February-end, the start of March.”

Section 79-II of the Information Technology Act, 2000, currently absolves online intermediaries of liability for any third-party content shared on their platforms. With the new clause, the Act will give "safe harbor protection" to intermediaries as long as they only play the role of a facilitator and not that of a creator or modifier, in any way, of the content posted.

What prompted the change was a disagreement last year regarding content between social media platform TikTok and Twitter-sponsored ShareChat, in which the latter had to take down more than 100 videos from its platform.

Right now, platforms like Facebook, Twitter and Instagram have certain features and tags through which ads and paid partnerships are displayed. Yet, publicists and advertisers state brands would rather push content through influencers to make it look increasingly organic. 

There is likewise no compulsion or onus on the influencers to highlight that the products and content they are supporting are paid for. 

However, Government authorities said such content, produced by influencers without the contribution of the social media platforms, may in any case not be secured by the most recent clause. This clause will relate to just such non-user produced content in which the platform is in some way involved.

Facebook to give $550 Million as a Settlement in a Lawsuit


Social Media giant Facebook is to pay an amount of $550 million as a settlement in what appears to be another series of lawsuits, and this time, it is a Facial Recognition issue. The lawsuit is not good for the brand perception of Facebook as it puts further questions to the credibility of the privacy laws of the social networking site.


"Facebook has agreed to pay a settlement of $550 million related to a claim filed for FB's facial recognition technique," said Facebook this Wednesday. The case, which arose in Illinois, is said to be a great triumph for privacy organizations, as it raises questions about the privacy practices of Facebook, which is already embroiled in controversies over data laws. The issue emerged from FB's image labeling technique named 'Tag Suggestions,' which uses facial recognition to suggest the names of users present in a photo.

The company that filed the lawsuit accused Facebook of collecting the facial data of the company's employees in violation of the Illinois Biometric Privacy law. It accuses FB of storing the data of millions of users for Tag Suggestions without the knowledge of the company's employees and without them knowing how long the data will be kept. Facebook has dismissed the allegations, saying they have no basis in proof. As per the settlement, FB has to pay $550 Million as legal fees to the affected users of the Illinois company. This payment even surpasses the $380 Million that the reporting agency 'Equifax' had agreed to pay to settle a 2017 consumer data breach incident.

"Facebook agreed to settle the case by giving back what was rightful to the community and in the goodwill of public interest, as it affects our stakeholders," says FB's spokesperson. "The settlement highlighted the importance of user privacy and security," says lawyer Joey Edelson, whose firm addressed the issue on behalf of the affected users of Facial Recognition suit. He further says, "people worried about issues related to gun rights concerning women safety or people who like to participate in societal issues by not disclosing their identity hold the same importance and we should respect their privacy."

Simple Tips to Prevent your WhatsApp Account from Hackers


WhatsApp (now owned by Facebook), a popular social networking app, as we all know, is very easy to setup. But this simple process also opens your account to some vulnerabilities and threats, if you are not cautious while setting your WhatsApp account. Luckily, there exists an extra defense line to ensure the safety of your account, if your 6 digit activation code is hacked.


However, as noticed in the recent hacking incident against Amazon's CEO Jeff Bezos, it was observed that these security measures aren't enough to provide security. But it will somehow provide you an extra safety mechanism if, by any chance, the hacker gets your 6 digit security code. How to ensure the safety of your Whatsapp account? In normal circumstances, getting back to your hacked Whatsapp account is very simple: open the app, and while logging in, the app will send you another 6 digit code.

The problem arises when the hacker, once in control of your account, intentionally enters wrong verification codes to block further logins to your account for up to 12 hours. The worst-case scenario arises when the user has not set up 2-step authentication, which permits the hacker to set a security PIN of their own, locking the user out of the WhatsApp account for a total of 7 days.

Therefore, it is always important to follow 2 basic rules:
  1. Don't disclose your 6-digit verification code. It doesn't matter if it's your parents, family, or friends: no one ever has a genuine reason to ask for the WhatsApp code sent to you over SMS, so never consider disclosing it.
  2. Set up 2-step verification. If your account gets hacked for some reason, the 2-step security PIN ensures that only the user has access to the WhatsApp account.
How to set up the security PIN:
  • Open WhatsApp and go to the settings option.
  • Select account and hit 2-step verification.
  • Set up your 6-digit security PIN.
  • You will be asked for this PIN every time you install WhatsApp. You can also add your e-mail address as a backup in case you ever lose your PIN.

Facebook Code Update Gone Wrong Exposes Anonymous Admins



Recently Facebook encountered quite a bug crisis, as a bad code update that went live on the night of 10th January apparently exposed anonymous page admins, including those of many well-known personalities, for a few hours.

All it took to 'exploit' the bug was opening a target page and checking the edit history of a post: Facebook erroneously showed the account or accounts that made those edits to each post, instead of simply displaying the edits themselves.

Although Facebook immediately pushed a fix for this flaw, it was not quick enough: word had already got around on message boards like 4chan, where users posted screen captures that 'doxed' the accounts behind prominent and rather well-known pages.

The social media giant, which said the bug was the aftereffect of a code update, exposed the accounts behind the official Facebook Pages of the 'pseudonymous' artist Banksy, Russian President Vladimir Putin, former US secretary of state Hillary Clinton, Canadian Prime Minister Justin Trudeau, climate activist Greta Thunberg, and rapper Snoop Dogg, among others.

No data beyond a name and public profile link was accessible; however, for admins running anti-regime pages under 'a repressive government', even this much public exposure is extremely alarming.

After a series of privacy and security indiscretions, Facebook has concentrated explicitly on building out its protections and has been steadily growing its bug bounty, which encourages researchers, like the person who discovered the edit history bug, to submit security flaws for potential rewards in the future.

Ambitious upgrades like these require serious effort and time, and absolutely no amount of added security can change the major risks that come with amassing the information of 2.5 billion individuals.

Lukasz Olejnik, an independent privacy adviser and research associate at Oxford University's Center for Technology and Global Affairs says, "For sensitive pages, I would not rule out that some people may be feeling that they are in danger due to what happened today, using fake accounts to run pages would have been a good idea. Some could see it as a paranoid way of hiding, but it's not."

Further adding, "People who run sensitive Pages from their own Facebook should now consider that their identity may be known, while mistakes happen, this one is unexpected."


Data Privacy on Alert; Facebook, Whatsapp and Others Fear The Personal Data Protection Bill?


The latest amendments in the “personal data protection bill” of India could make Facebook and other data consuming platforms lose sleep over enhanced government powers.

On Tuesday, the Personal Data Protection Bill was circulated in the parliament; it could have strong consequences for the way organizations store, process and use public data.

The newest addition to the bill is a stipulation that empowers the Indian government to demand “anonymized” personal and non-personal data from a company for better government services.

Per the bill, any information that could aid in identifying a person and possesses characteristics, traits or any attributes of a person’s identity could be defined as “personal data” and the rest as non-personal.

For the leading tech-organizations, personal or non-personal, the data is valuable. And these new provisions brought out by the bill are issues of major concern.

Reportedly, an official strongly taking the government’s stand mentioned that the “personal data” is as valuable to the society as it is to the tech-companies.

They also mentioned something along the lines of making use of data from cab organizations like “Uber” to comprehend the limitations of Indian public transport and what could be done for its betterment.


There is no specific mention as to what the data shall come in exchange for or any other ensuing rules as to the processes regarding it.

Per the bill, personal data such as biometric details and financial data could be transferred beyond the boundaries of India for processing purposes but must be stored locally.

Allegedly, the media platforms in question could also need to provide a structured procedure for users to “prove their identities” and “display a verification sign publicly”. This could cause major companies to face major technical issues.

Dreading the possibility of increased compliance costs, countries across the globe have been pushing their agencies to oppose such rules.

Per reports, the fresh exceptions that the bill makes available to the government could be alarming for India’s privacy situation, which is not that strong to begin with.

The bill, which shall soon be presented in the parliament, will definitely not be passed in this session; any results should be declared only after further voting and discussion.

Facebook Files a Lawsuit Against a Company for Running Malicious Ads?



Reportedly, Facebook filed a lawsuit against a “Chinese Company” that allegedly compromised user accounts at large only to put up suspicious ads on the platform.

Running and distributing advertisements for “counterfeit goods” and “dietary pills” was the only purpose of compromising the accounts in question.

The company, per reports, goes by the name of “ILikeAD Media International Company Ltd.” According to sources, it is represented by the authors of the malware scheme, namely "Huang Toa" and "Chen Xiao Cong".

Purportedly, these authors employed two basic ploys to mask their actual aim.

One is using images of celebrities, aka “celeb bait”, to lure people into clicking on the ads; the other is something called “Cloaking”.

Cloaking refers to the act of hiding something from the Facebook systems so that the real destination of a link and advertisement is concealed.

Once clicked, the ad would lead users to the real “landing page”, whereas Facebook would be tricked into seeing a version that is legitimate under its advertising policies and terms.

Per Facebook, in most cases Cloaking is foolproof as it hardly ever leaves tracks behind, making it pretty tough to establish the identity of the actors. This happens to be the major reason why there are no specific rules about it.


Reportedly, another attack along the same lines was observed when a fake PDF file editor was being pushed only to steal Amazon and Facebook session cookies. The malware at work, per reports, goes by the name of “Socelars”.

Along with session cookies, other data like access tokens, email addresses, credit card information, account IDs et cetera have allegedly constituted a part of the compromised data.

The cookies are later used to connect to several Facebook URLs, one of which accesses the “account_billing” directory.

The information allowing users to call a Facebook Graph API and extract data from the users’ Ads Manager settings is the major part of what’s inside the directory.

The malware which was being distributed via numerous websites was in actuality a new “Trojan” which had almost nothing in common with the other types.

There’s no knowing if the above-mentioned malware has anything to do with the organization that Facebook sued but it surely suits the description.

All the users who had fallen prey to the schemes pulled off by the cyber-cons were handsomely compensated, and their accounts were secured and freed of any unauthorized access.

Facebook is very well aware of the jeopardy its users almost got into and is all-in for taking precautionary measures to erase any chances of repetition.

Facebook Might Be Secretly Spying On You via Your Phone's Camera


The social media giant, which has been the subject of backlash several times in the past, is once more in the limelight, this time over a bug that covertly opens the iPhone's camera in the background while the user casually scrolls through the Facebook feed.

The issue was first flagged by a Twitter user who goes by the name Joshua Maddux. He shared a video in which his phone's camera can be seen to be active in the background as he scrolls through his Facebook feed.

He tweeted, "Found a @facebook #security & #privacy issue. When the app is open it actively uses the camera. I found a bug in the app that lets you see the camera open behind your feed. Note that I had the camera pointed at the carpet."

Many iPhone users were left stunned to discover their iPhone's camera automatically running in the background when they opened Facebook.

Facebook has acknowledged the existence of the bug and is looking for ways to fix it. The company's Vice President of Integrity, Guy Rosen, tweeted that it "sounds like a bug" and that the social networking platform was investigating.

He later affirmed that there was, in fact, a bug and it appears to just affect iPhone users running the most recent iOS 13 software.

He tweeted, "We recently discovered our iOS app incorrectly launched in the landscape. In fixing that last week in v246 (version246), we inadvertently introduced a bug where the app partially navigates to the camera screen when a photo is tapped. We have no evidence of photos/videos uploaded due to this,"

This could be another data-protection 'lapse' from Facebook. The company has consistently been in the spotlight for its privacy policies, and it even had to pay a record fine of around USD 5 billion for failing to protect people's data, the biggest fine imposed by the US regulator on a tech company to date.

Facebook used user data to control competitors and rivals


Leaked documents from a lawsuit filed against Facebook by the now-defunct startup Six4Three, some 700 pages, reveal how Facebook leveraged user data against rivals and offered it up as a sop to friends.

NBC News reported how Facebook's executive team harnessed user data and used it as a bargaining chip to manipulate rivals. There are thousands of leaked documents to support that this was done under the supervision of the company's CEO Mark Zuckerberg.



NBC News has published an entire log of documents containing 7,000 pages including 4,000 internal communications such as emails, web chats, notes, presentations, spreadsheets on Facebook. These documents are dated between 2011 and 2015 that disclose the company's strategy of rewarding partners by giving them preferential data while denying the same to competitors.

The lawsuit that resulted in this major leak was filed by Six4Three, a now inoperative startup that created the failed app Pikinis. The app allowed users to view pictures posted by people on Facebook, and in order to work, the software required access to data on Facebook. The suit accuses Facebook of misusing and abusing data and of distributing it unevenly. Other apps, including Lulu, Beehive ID, and Rosa Bandet, couldn't do business anymore after losing access to data.

The documents also revealed similar operations. For instance, the social network gave Amazon extended access to user data, as it partnered with Facebook and spent on Facebook advertising, while it denied data to MessageMe, a messaging app, once it grew large enough to compete with Facebook.

Commenting on the documents, Facebook’s vice president and deputy general counsel, Paul Grewal, told NBC News, “As we’ve said many times, Six4Three — creators of the Bikinis app — cherry-picked these documents from years ago as part of a lawsuit to force Facebook to share information on friends of the app’s users.” However, no evidence has been provided by the company to support the "cherry-picked" claim.

In March this year, Zuckerberg said that Facebook would focus more on its users' privacy as the social network's future. But for Facebook, privacy seems like a PR stunt and data more of a currency.

End of Facebook encrypted messaging?


The United States, United Kingdom and Australia, in an open letter dated 4 October, urged Facebook to create backdoors into its encrypted messaging apps to grant law enforcers faster access to private messages. This would help governments tackle child abuse, terrorism and organized crime.

The open letter was signed by UK home secretary Priti Patel, US Attorney General William Barr, Acting US Homeland Security Secretary Kevin McAleenan and the Australian minister for Home Affairs Peter Dutton, on the grounds that cross-platform messaging encryption threatens public safety. It also aligns with the “world-first” data access agreement between the UK and the US, which will make cross-border access to data easier and faster.

Earlier, this process took from six months to a year; the agreement will cut it to weeks or even days, as it will permit law enforcers to demand data directly from the company without asking the country’s government first.

Head of online child safety at the NSPCC Tony Stower said, “The landmark agreement between the US and UK on accessing data will radically reduce the time it takes for police to get hold of the data they need from tech giants to bring offenders to justice.
"It should be a hugely important step forward in tackling online child abuse - if tech giants play their part too."

What is End to End Encryption?

In end-to-end encryption, only the sender and the recipient hold the key needed to read a message; even the platform can’t access the content. To access the content, the platform would need to add backdoors that it and the government can use.

Facebook-owned WhatsApp already has end-to-end encryption, and in March 2019, following the data scandal and Facebook's failure to protect its users’ data, Mark Zuckerberg announced plans to bring this encryption to Messenger and Instagram.

With this open letter, the governments of the US, UK and Australia are pressuring Facebook to pause its plans to encrypt all messages. Facebook stands in opposition, saying "people have the right to have a private conversation online." Facebook states that it is "consulting closely with child safety experts, governments and technology companies and devoting new teams and sophisticated technology" to keep people safe.

Privacy or Public Safety 

The letter chiefly focuses on child abuse and exploitation, considering the risk that encryption gives offenders and criminals easy access. In 2018, Facebook reported 16 million child-exploitation tips, Deputy Attorney General Jeffrey Rosen said.

FBI Director Christopher Wray said that Facebook’s proposal to encrypt its popular messaging program would turn the platform into a “dream come true for predators and child pornographers.” (Source: Reuters)

The letter supports encryption, but with backdoors that grant the government “a means for lawful access to the content of communications”.

A Facebook spokesperson said, “We believe people have the right to have a private conversation online, wherever they are in the world. Ahead of our plans to bring more security and privacy to our messaging apps, we are consulting closely with child safety experts, governments and technology companies and devoting new teams and sophisticated technology so we can use all the information available to us to help keep people safe.”

The Electronic Frontier Foundation (EFF) called the letter “an all-out attack on encryption”, and the organization cautioned that such measures could pose a risk to journalists and activists and could be used by “authoritarian regimes... to spy on dissidents in the name of combating terrorism or civil unrest.” (Source: Forbes)

User Accounts and Phone Numbers Exposed; Confirms Instagram


Social media giant and Instagram parent Facebook has confirmed that a newly found security vulnerability may have put user data in danger, leaving many open to attack by 'threat actors'.

The vulnerability is said to be serious enough that an attacker could use it to access 'secure' user data such as users' real names, Instagram account numbers and handles, and full phone numbers.

An Israeli hacker known by the handle @ZHacker13 found the vulnerability in Instagram and said that misusing it would let an attacker with a multitude of bots and processors build a searchable, attackable database of users, bypassing the protections around that information.

The attacker runs a simple algorithm against Instagram's login form, checking each phone number in turn to find those linked to a live Instagram account. Since there is no restriction on the number of algorithms that can be kept running in parallel, the attacker can do this as many times as he wants.


After this, by exploiting Instagram's Sync Contacts feature, he can discover the account name and number linked to the phone number.


As of now, there is no proof that any user data has been misused or mishandled using this vulnerability; on the other hand, there is no proof that it hasn't.

The fact that the endeavour required two separate procedures may imply that attackers have chosen to stay away.

Meanwhile, @ZHacker13 tested his Instagram exploit after Facebook's fix and affirmed that it no longer worked.
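
A defender-side view of the pattern described above, as an added example that is not part of the original post and not Instagram's code: it counts distinct phone numbers submitted to a login form per source and across all sources in a sliding window, so many parallel bots that each stay under the per-source limit are still caught. The log format, addresses, phone numbers and both thresholds are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)
PER_SOURCE_LIMIT = 3  # assumed: distinct numbers one source may try per window
FLEET_LIMIT = 6       # assumed: distinct numbers across all sources per window

# Constructed log lines: ISO timestamp, source IP, phone number submitted.
SAMPLE_LOG = """\
2019-09-01T10:00:00 198.51.100.5 +15550100001
2019-09-01T10:00:05 198.51.100.5 +15550100001
2019-09-01T10:00:09 198.51.100.5 +15550100001
2019-09-01T10:00:10 203.0.113.7 +15550100100
2019-09-01T10:00:11 203.0.113.7 +15550100101
2019-09-01T10:00:12 203.0.113.7 +15550100102
2019-09-01T10:00:13 203.0.113.7 +15550100103
2019-09-01T10:05:00 192.0.2.10 +15550100200
2019-09-01T10:05:01 192.0.2.11 +15550100201
2019-09-01T10:05:02 192.0.2.12 +15550100202
2019-09-01T10:05:03 192.0.2.13 +15550100203
2019-09-01T10:05:04 192.0.2.10 +15550100204
2019-09-01T10:05:05 192.0.2.11 +15550100205
2019-09-01T10:05:06 192.0.2.12 +15550100206
2019-09-01T10:05:07 192.0.2.13 +15550100207
"""


def _distinct(events, now):
    """Expire events older than WINDOW, then return the distinct numbers left."""
    while events and now - events[0][0] > WINDOW:
        events.popleft()
    return {phone for _, phone in events}


def detect(log_text):
    """Return (kind, source, first_trigger_time) for each enumeration pattern."""
    per_source = defaultdict(deque)  # source IP -> recent (time, phone) events
    fleet = deque()                  # recent events from every source combined
    seen, alerts = set(), []
    for line in log_text.strip().splitlines():
        stamp, source, phone = line.split()
        now = datetime.fromisoformat(stamp)
        per_source[source].append((now, phone))
        fleet.append((now, phone))
        checks = (
            ("source", source, per_source[source], PER_SOURCE_LIMIT),
            ("fleet", "*", fleet, FLEET_LIMIT),
        )
        for kind, key, events, limit in checks:
            # Report each offender once, at the moment it first crosses the limit.
            if len(_distinct(events, now)) > limit and (kind, key) not in seen:
                seen.add((kind, key))
                alerts.append((kind, key, stamp))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The user at 198.51.100.5 who retries one number three times raises no alert, while the second burst is flagged only by the fleet-wide check; on a real service the fleet threshold would have to be set against normal login volume.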