New Threat Research: Uncovering Adversarial LDAP Tradecraft

Read Threat Research

Search

Australian Facebook Users Affected by September 2018 Cyberattack

Nearly 29 million users were affected in a Facebook data breach last year, and over 111,000 of those users were Australian citizens. Data obtained in the breach included the user’s geolocation, search history, email addresses, and phone numbers. Almost 48,000 simply had their name, email, and phone number accessed. This left around 63,000 of the users more exposed because data such as geolocation, hometown, most recent check-ins, birthday, education, work history, Facebook search history, name, email, phone number, gender, relationship status, and religion were able to be found. Close to 1,600 private messenger conversations were also able to be viewed. A combination of three bugs allowed the attackers to secure access tokens, which enable Facebook users to stay logged in without having to enter their password after they close out a browser. All Australians affected have been notified since the discovery of the breach last year.

Analyst Notes

Since the breach occurred last year, it is likely changes have already been made. When the breach happened, users were advised to follow the link provided by Facebook and reset their access tokens. A password reset and logging out of other devices that do not get used–such as old phones and tablets was also recommended.