Facebook Admits Flaw

Facebook, the social media giant, admitted that around 1.5 million users’ contacts were harvested “unintentionally.” Since May of 2016, approximately 1.5 million new Facebook users were asked for their email password to assist in account verification. Those who did enter their passwords noticed a pop-up stating that it was “importing” their contacts in an effort to build the user’s web of social connections and suggest other users to add as friends. A Facebook spokesman stated publicly, “Last month we stopped offering email password verification as an option for people verifying their account when signing up for Facebook for the first time,” and added, “We’ve fixed the underlying issue and are notifying people whose contacts were imported.” Facebook indicated that the imported data was being deleted from its servers and was not shared with anyone. This incident is the latest in a line of privacy-related issues that plague the tech giant. Last month, researchers indicated that Facebook was storing the passwords of millions of users in plain text on internal servers that were accessible to Facebook employees.

Analyst Notes

Make the account password unique to Facebook, and make it complex by using capital letters, special characters and numbers. Never share your password with anyone, and rotate passwords on a regular basis.