Facebook

Hack Facebook or Instagram accounts and get paid up to $40,000

Facebook to pay up to $40,000 for finding ways to hack Facebook or Instagram accounts

Facebook has been going through a rough patch this year after suffering two severe security breaches that affected millions of its users.

While every year, Facebook pays millions of dollars to researchers and bug hunters to find security holes in its products and organization, it is still facing security breaches. Facebook has been running its Bug Bounty program since 2011.

Now, in order to step up its efforts to tighten the security of the platform, Facebook on Tuesday announced in a post that it has increased the average payout for account takeover vulnerabilities so as “to encourage security researchers to work on finding high-impact issues”.

The announcement further read, “The researchers who find vulnerabilities that can lead to a full account takeover, including access tokens leakage or the ability to access users’ valid sessions, will be rewarded an average bounty of:

* $40,000 if user interaction is not required at all, or
* $25,000 if minimum user interaction is required.

“This change applies to all products owned by Facebook, including Instagram, WhatsApp, and Oculus.

“Further, we will not require a full exploit chain in cases where leveraging the vulnerability requires bypassing our Linkshim mechanism.

“While monetary reward may not be the strongest incentive for why bug bounty researchers hack, we believe it remains a strong motivator for our white hat researchers to invest time in helping us identify and mitigate vulnerabilities. We encourage researchers to share their proof of concept reports with us without having to also discover bypasses for Facebook defense mechanisms.

“By increasing the award for account takeover vulnerabilities and decreasing the technical overhead necessary to be eligible for bug bounty, we hope to encourage an even larger number of high-quality submissions from our existing and new white hat researchers to help us secure over 2 billion users.”

For those unaware, earlier this year the Facebook–Cambridge Analytica data scandal came to light, in which the personal information of 87 million Facebook users was harvested by Cambridge Analytica without their consent and used for political purposes.

Later, in September this year, Facebook discovered a major security issue that allowed hackers to access information, which could allow them to take over around 50 million accounts.

Source: Facebook 

Facebook is the least-trusted major tech company- study

Facebook Is the Least Trusted Major Tech Company Among Americans For Protecting Personal Data, Suggests Polls

Facebook, the social networking giant, has been voted the least trustworthy tech company, according to a recent survey conducted for Fortune. Increasing scrutiny of Facebook’s handling of data privacy, ad targeting, and propaganda has made its users trust the company the least.

According to the survey, of all the major tech companies, Facebook is trusted with personal information by only 22 percent of Americans. On the other hand, Amazon ranks the highest in terms of trust with 49 percent, followed by Google (41 percent), Microsoft (40 percent), and Apple (39 percent).

“Facebook is in the bottom in terms of trust in housing your personal data,” said Harris Poll CEO John Gerzema. “Facebook’s crises continue rolling in the news cycle.” The poll, carried out by Harris Poll on behalf of Fortune in mid-October, surveyed over 2,000 U.S. adults.

This obvious lack of trust, which is mainly due to factors such as leadership, ethics, trust, and image, is bad news for Facebook. Also, the Cambridge Analytica scandal earlier this year, in which up to 87 million Facebook users’ data was shared without their permission, along with the September data breach in which roughly 50 million of its users’ data was exposed through an attack on its network, has only contributed to Facebook’s low rankings.

Additionally, 48 percent of those who took the survey admitted to viewing Facebook more negatively than six months ago.

According to the survey, only 59 percent of respondents said they were “at least somewhat confident” in Zuckerberg’s leadership in the ethical use of data and privacy information. With 77 percent, Amazon CEO Jeff Bezos came in first, followed by Apple’s CEO Tim Cook at 72 percent, Microsoft’s CEO Satya Nadella at 71 percent, and Google’s CEO Sundar Pichai at 68 percent.

“That would be a C or D in grade school,” Gerzema said about Zuckerberg.

Facebook declined to comment on the poll. The company instead pointed to recent remarks made by Zuckerberg where he said that Facebook continues to invest in security and that its defenses are improving.

Not only the Facebook users, but some of the company’s major investors too are disappointed by Zuckerberg. Last month, several major public investment funds had proposed removing Zuckerberg as the company’s chairman of the board.

Source: PYMTS

Facebook quietly launches Lasso, a TikTok-clone app to win teens over

Facebook launches Lasso, a short video app like competitor TikTok

Facebook on Friday quietly launched its stand-alone music app to rival popular short-video social network, TikTok, without any official announcement on its website, reports The Verge.

Called “Lasso”, the music app is directed at teens and allows users to create short music videos similar to those on TikTok, the short 15-second video app that recently merged with Musical.ly. Lasso is available on both iOS and Android. Currently, the app is available only for users in the U.S.

Apparently, almost half of teenagers in the U.S. say they use Facebook, which is a decrease of 20 percent from 2015, according to Pew. In comparison, nearly 69 percent of US teenagers use Snapchat, 72 percent say they use Instagram and 85 percent say they use YouTube. Hence, it is believed that Facebook has introduced Lasso app to lure the teenagers and gain its lost hold.

“Lasso is a new standalone app for short-form, entertaining videos — from comedy to beauty to fitness and more. We’re excited about the potential here, and we’ll be gathering feedback from people and creators,” Facebook told The Verge.

With Lasso, users can record themselves dancing and lip-syncing to music and also record short clips. It allows users to add music and text to their videos, add cool effects, etc. Users can also find popular hashtags, follow creators, and browse videos.

Users can sign in to Lasso through Instagram or create an account using Facebook. They can share their videos directly from the app to their Facebook Stories, with the feature to share them as Instagram Stories coming soon. All profiles and videos on Lasso would be public, which means you cannot keep anything private.

Currently, it is unclear when Facebook would be releasing the app globally.

Personal Facebook Messages Of 81,000 Hacked Users Up For Sale

Private conversations stolen from 81,000 Facebook users are up for sale

Hackers have published private messages from the compromised accounts of some 81,000 Facebook users and put them up for sale on the internet, according to a BBC News report.

The hackers told the BBC Russian Service that they had personal information of more than 120 million accounts, which they were attempting to sell. Many of the users whose details have been compromised are based in Ukraine and Russia but some were also from the UK, US, Brazil and elsewhere.

“The hackers offered to sell access for 10 cents per account. However, their advert has since been taken offline,” the report added.

Data stolen by the hackers include photos of a recent holiday sent privately between two Facebook friends, private messages between couples, complaints about a son-in-law and a chat about a recent Depeche Mode (British rock band) concert.

Russian Facebook users whose private messages had been uploaded were contacted and confirmed to the BBC that the information was indeed theirs.

The breach was discovered in September when a user named FBSaler posted an advertisement on an English-language internet forum offering to sell the details of 120 million Facebook accounts at 10 cents a handle.

However, Facebook responded to the report and said its security had not been compromised and the messages were reportedly obtained through malicious browser extensions.

“We have contacted browser-makers to ensure that known malicious extensions are no longer available to download in their stores,” Facebook executive Guy Rosen told the BBC. “We have also contacted law enforcement and have worked with local authorities to remove the website that displayed information from Facebook accounts.”

The social media giant also assured its users that it had taken preventive measures to avoid further accounts from being affected.

Cybersecurity company Digital Shadows investigated the claim for the BBC and confirmed that the compromised data of the 81,000 users posted online as samples included private messages.

Earlier in September, there was a report that over 50 million Facebook accounts were hacked, which included the accounts of Facebook CEO Mark Zuckerberg and chief operating officer Sheryl Sandberg. Later, in October, Facebook confessed that hackers had broken into nearly 30 million users’ accounts by stealing their “access tokens” or digital keys.

Facebook is working on a TikTok rival called Lasso

Facebook is developing a TikTok-like music video app called Lasso

Facebook is reportedly working on a stand-alone music app to rival TikTok, formerly known as Musical.ly.

For those unaware, China’s Beijing Bytedance Technology Co., which owns TikTok, the immensely popular 15-second video-sharing app, had acquired Musical.ly, Inc. for a reported US $1 billion in November 2017.

According to a report from TechCrunch, the social network giant is developing an app called “Lasso” directed at teens, where users can record themselves dancing and lip-syncing to music.

“It’s basically TikTok/Musically. It’s full-screen, built for teens, fun and funny, and focused on creation. A lot of what they’re doing is just trying to be cool and trying to be something that Facebook isn’t,” a source was quoted by TechCrunch.

The product is being built by members of Facebook’s video and Watch team under leadership from Facebook’s principal lead product designer Brady Voss.

The news of Lasso comes closely after Facebook announced new music features on Thursday. The social media giant has added music stickers to its Stories feature and rolled out lyrics to its Lip Sync Live in certain markets, which is a singalong feature integrated into Facebook Live. This feature allows you to perform for friends in real time and read their comments as you sing. Lasso would most likely be the stand-alone app version of Lip Sync Live.

The company also recently rolled out the ability to add songs to photos and videos for Stories and News Feed updates. It’s also working on a new profile section that will allow users to pin songs to the top of their profile.

Facebook fined £500,000 for Cambridge Analytica data breach scandal

UK watchdog fines Facebook £500,000 over Cambridge Analytica data scandal

Britain’s privacy watchdog has fined Facebook £500,000 ($645,000) over the Cambridge Analytica data scandal. This is the maximum possible fine that can be imposed by the UK’s Information Commissioner’s Office (ICO) for breaching data protection rules.

The ICO had issued a Notice of Intent to Fine to Facebook in July following an investigation into the company’s data sharing policies that exploited the data of 87 million users.

“The ICO’s investigation found that between 2007 and 2014, Facebook processed the personal information of users unfairly by allowing application developers access to their information without sufficiently clear and informed consent, and allowing access even if users had not downloaded the app, but were simply ‘friends’ with people who had,” the ICO said confirming the fine.

“Facebook also failed to keep the personal information secure because it failed to make suitable checks on apps and developers using its platform. These failings meant one developer, Dr Aleksandr Kogan and his company GSR, harvested the Facebook data of up to 87 million people worldwide, without their knowledge. A subset of this data was later shared with other organizations, including SCL Group, the parent company of Cambridge Analytica who were involved in political campaigning in the US.

“Even after the misuse of the data was discovered in December 2015, Facebook did not do enough to ensure those who continued to hold it had taken adequate and timely remedial action, including deletion. In the case of SCL Group, Facebook did not suspend the company from its platform until 2018.”

During its investigation, ICO found that personal information of at least one million UK users was among the harvested data that was subsequently put at risk of further misuse. The information was used to help Donald Trump during his 2016 presidential election campaign.

“Facebook failed to sufficiently protect the privacy of its users before, during and after the unlawful processing of this data,” ICO said. “A company of its size and expertise should have known better and it should have done better.”

The penalty of £500,000 is the maximum allowed under the Data Protection Act 1998 at the time of the breach. This fine represents 0.00001 percent of Facebook’s CEO Mark Zuckerberg’s £43 billion ($61.5 billion) fortune. However, it could have been a lot worse had the data breach taken place under the General Data Protection Regulation (GDPR) law passed in May.

Under the EU’s new data protection laws, Facebook could have faced a maximum fine of £17m or 4% of global turnover – whichever is higher.

“We considered these contraventions to be so serious we imposed the maximum penalty under the previous legislation. The fine would inevitably have been significantly higher under the GDPR. One of our main motivations for taking enforcement action is to drive meaningful change in how organizations handle people’s personal data,” ICO said.

“Our work is continuing. There are still bigger questions to be asked and broader conversations to be had about how technology and democracy interact and whether the legal, ethical and regulatory frameworks we have in place are adequate to protect the principles on which our society is based.”

In response to the ICO announcement, Facebook commented that it is “reviewing” the decision.

“While we respectfully disagree with some of their findings, we have said before that we should have done more to investigate claims about Cambridge Analytica and taken action in 2015,” a Facebook spokesperson said in a statement.

“We are grateful that the ICO has acknowledged our full cooperation throughout their investigation, and have also confirmed they have found no evidence to suggest UK Facebook users’ data was in fact shared with Cambridge Analytica.”

Facebook’s major investors want Mark Zuckerberg to step down as chairman

Major Facebook shareholders propose the removal of Mark Zuckerberg as chairman

Several major public investment funds on Wednesday proposed removing Facebook CEO Mark Zuckerberg as the company’s chairman of the board. The proposal comes right after the recent data breach that affected 30 million Facebook accounts.

State treasurers from Illinois, Rhode Island and Pennsylvania, and New York City Comptroller Scott Stringer, who oversees money including pension funds, co-filed the proposal. They joined a proposal originally filed in June by the investor Trillium Asset Management that called for Zuckerberg to resign as chairman.

The proposal is largely symbolic since Zuckerberg holds absolute control of the board. The removal demand comes at a time when recent security lapses at the social networking giant have raised questions over the company’s leadership.

“We need Facebook’s insular boardroom to make a serious commitment to addressing real risks — reputational, regulatory, and the risk to our democracy — that impact the company, its share owners, and ultimately the hard-earned pensions of thousands of New York City workers,” New York City Comptroller Scott Stringer said in a statement.

“An independent board chair is essential to moving Facebook forward from this mess, and to reestablish trust with Americans and investors alike,” Stringer said.

The proposal by the investors calls for a separation of the roles of CEO and chairman, both currently held by Zuckerberg. They argue that separating Facebook’s chairman and CEO roles is “in the best interest of shareholders, employees, users, and our democracy.”

Considering Zuckerberg’s outsized influence on the company, the proposal is likely to be in vain. A similar shareholder proposal seeking an independent chair was voted down at Facebook in 2017. Zuckerberg holds a majority of supervoting shares and controls 59.9 percent of the company’s voting power.

While Facebook declined to comment, it quoted its response to the prior proposal in which it said that it did not believe an independent chairman would “provide appreciably better direction and performance, and instead could cause uncertainty, confusion, and inefficiency in board and management function and relations.”

Hackers accessed 29 million user accounts, says Facebook

Facebook confirms 29 million users’ data accessed by hackers: How to check if your account has been hacked

Last month, Facebook was hit by its worst security breach, in which hackers accessed the personal information of millions of users. Back then, Facebook had said that the hack had exposed data of approximately 50 million users.

However, the social networking giant has now confirmed that the security breach actually affected nearly 30 million accounts, which is less than the originally estimated 50 million. Additionally, hackers weren’t able to access more sensitive information like passwords or financial information, and third-party apps weren’t affected, the company said.

Of the 30 million accounts, hackers were able to successfully access personal information from 29 million Facebook users. However, the hackers were not able to get access to information about the accounts of one million people.

Out of those 29 million accounts, hackers were able to access the name and contact details (phone number, email, or both, depending on what people had on their profiles) of 15 million people.

Further, in the case of another 14 million people, besides stealing name and contact details, they also stole other details people had on their profiles. This included username, gender, locale/language, relationship status, religion, hometown, self-reported current city, birthdate, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or Pages they follow, and the 15 most recent searches.

“First, the attackers already controlled a set of accounts, which were connected to Facebook friends. They used an automated technique to move from account to account so they could steal the access tokens of those friends, and for friends of those friends, and so on, totalling about 400,000 people. In the process, however, this technique automatically loaded those accounts’ Facebook profiles, mirroring what these 400,000 people would have seen when looking at their own profiles,” said Guy Rosen, Facebook Vice President of Product Management, in a news release.

“That includes posts on their timelines, their lists of friends, Groups they are members of, and the names of recent Messenger conversations. Message content was not available to the attackers, with one exception. If a person in this group was a Page admin whose Page had received a message from someone on Facebook, the content of that message was available to the attackers,” he added.

Besides this, Rosen also added that the attackers had no access to data from “Messenger, Messenger Kids, Instagram, WhatsApp, Oculus, Workplace, Pages, payments, third-party apps, or advertising or developer accounts.”

Facebook stated that while it is continuing to investigate and is working to resolve the security breach discovered two weeks ago, it does not rule out the possibility of smaller-scale attacks. The social network is working with the FBI, the US Federal Trade Commission, the Irish Data Protection Commission, and other authorities to investigate who might be behind the breach.

In the coming weeks, Facebook also plans to send customised messages to the 30 million people affected to explain what information the hackers might have accessed, and steps to protect themselves, including from suspicious emails, text messages, or calls.

Facebook said that affected people can check whether their accounts were hacked by visiting the ‘Help Center’.

Facebook announces AI-powered video calling device “Portal”

Meet Portal and Portal+, Facebook’s smart video calling devices for Messenger

Amid all the rumors, Facebook has finally officially launched its Messenger-enabled video chatting devices for the home, Portal and Portal+. With the launch of these devices, Facebook has entered the smart speaker space to compete with the likes of Amazon, Google, and Apple.

The two products, Portal and Portal+, allow users to make and receive video calls using the Facebook Messenger service or Facebook. Portal closely resembles Amazon’s Echo Show.

Specifications and Features:

Display

Facebook Portal features a 10-inch touch-sensitive display at a 1280 x 800 resolution, while the Portal+ has a larger high-definition 15-inch screen with a 1920 x 1080 resolution. Portal’s display is fixed in landscape mode, but Portal+’s screen can pivot between portrait and landscape modes.

Camera

Smart Camera and Smart Sound use AI (artificial intelligence) technology for added security and run locally on Portal, not on Facebook servers. Powered by AI, Portal’s Smart Camera and Smart Sound technology allow users to enjoy a more convenient, hands-free experience. While Portal’s camera doesn’t use facial recognition and doesn’t identify the user, it does follow users during video calls.

“Smart Camera stays with the action and automatically pans and zooms to keep everyone in view. Smart Sound minimizes background noise and enhances the voice of whoever is talking, no matter where they move. It’s like having your own cinematographer and sound crew direct your personal video calls,” notes Facebook in a blog post.

Privacy

As Facebook is aware of privacy concerns, the cameras in the Portal and Portal+ come with a cover that can easily block the camera’s lens at any time and the user can still receive incoming calls and notifications, plus use voice commands. Facebook has done this to give an assurance to its users that it is not watching their moves. Also, Facebook allows users to disable cameras and the microphones in Portal and Portal+ with a single tap.

Password

To manage Portal access within your home, you can set a four- to 12-digit passcode to keep the screen locked. Changing the passcode requires your Facebook password.

Encryption

Facebook notes that it “doesn’t listen to, view, or keep the contents of your Portal video calls”. The Portal conversations stay between the user and the people they are calling. In addition, video calls on the Portal are encrypted, which means the calls are always secure.

Voice Control + Alexa

Portal offers hands-free voice control. Like other voice-enabled devices, Portal only sends voice commands to Facebook servers after you say, “Hey Portal”. You can delete your Portal’s voice history in your Facebook Activity Log whenever you want. With Amazon Alexa built into Portal, you can check for weather updates and sports scores, control smart home devices, order groceries, and much more. You can also use Amazon Prime music streaming on the device.

Music and Video

Portal enables shared activities like listening to music together or watching some of your favorite shows. The Portal and Portal+ can play music through Spotify Premium, Pandora and iHeartRadio, or stream video from Facebook Watch, Food Network, and Newsy. Facebook says that more partners for content will be announced soon.

Connect with Facebook and Messenger Friends

You can call Facebook friends and connections on Messenger even if they don’t have Portal. You can also use the touchscreen to start a call. Calls can be made to and from Messenger-enabled smartphones and tablets. Portal supports group calls of up to seven people at the same time.

Other features

When you are not using the video calling feature, Portal’s Superframe can display your favorite photos and videos and important notifications like birthday reminders and anniversaries to make you feel a little more connected to your closest family and friends.

Another cool feature is Story Time, which has five interactive storybooks you can read. This feature brings stories to life with custom sound effects and visuals.

Portal and Portal+ are available now for pre-order in the U.S. from Facebook, Amazon and Best Buy. You can purchase a Portal for $199 or a Portal+ for $349. However, if you bundle two Portal models together, you can save $100, and get the pair for just $298. Both the devices will start shipping in November.

Stolen Facebook logins put up for sale on the dark web for $3

Hackers are selling stolen Facebook logins on the dark web for as little as $3

Facebook accounts are being sold on the dark web for as low as $3, reports The Independent. This news comes shortly after a massive security breach that exposed data of approximately 50 million Facebook users last month.

Hackers had exploited the security flaw and stolen “access tokens”, which are the equivalent of digital keys that keep users logged into their accounts and include users’ sensitive data. However, the company back then claimed that it did not find any evidence of Facebook Logins being used by hackers.

But now, these stolen Facebook logins are being sold on the dark web for as little as $3, with the most expensive being sold for $12. The value of the entire stolen data has been estimated to be between $150 million and $600 million.

According to The Independent, dozens of listings for sale were noticed on the dark web marketplace Dream Market, which uses a rating system similar to that of online retailers like Amazon and eBay to verify its vendors. Interested buyers can purchase the account login details with cryptocurrencies such as bitcoin.

Basically, the access tokens allow users to stay logged into Facebook apps on smartphones even when they close them. However, hackers can misuse them to take control of user accounts, or for cybercrimes such as identity theft, credit card fraud, spam and fraud emails, or even blackmail.

Facebook CEO Mark Zuckerberg in a post to Facebook last week said: “We face constant attacks from people who want to take over accounts or steal information around the world… The reality is we need to continue developing new tools to prevent this from happening in the first place.”

As a precautionary measure, Facebook has taken down the “view as” feature, a privacy tool that lets users see how their profiles look to other people, that is, how their information is displayed to friends, friends of friends, or anyone else.
