Facebook’s WhatsApp Hacked And 1.5 Billion Users Affected
WhatsApp was hacked, and attackers installed sophisticated spyware on an unknown number of people’s smartphones.
- Bad actors installed the surveillance technology by calling the target through WhatsApp, according to the Financial Times, which first spotted the issue.
- The FT reported that the spyware was developed by Israel’s NSO Group.
- WhatsApp is urging users to update the app and said it was targeted by “an advanced cyber actor.”
- Here’s how to make sure your phone is protected.
The Facebook subsidiary, which has 1.5 billion users, said it discovered in early May that “an advanced cyber actor” infected an unknown number of devices with the malware.
The Financial Times, which first reported on the issue on Monday, said bad actors exploited a vulnerability to install the surveillance technology by calling the target through WhatsApp, giving them access to information including location data and private messages. Even if the target didn’t pick up, the malware was able to infect the phone.
The FT reported that the spyware was developed by Israel’s NSO Group, whose Pegasus software is known to have targeted human-rights activists. In a statement to the FT, the firm denied any involvement in the WhatsApp hack.
“This attack has all the hallmarks of a private company known to work with governments to deliver spyware that reportedly takes over the functions of mobile phone operating systems,” WhatsApp said in a statement to the FT.
“We have briefed a number of human rights organisations to share the information we can, and to work with them to notify civil society.”
In a statement sent to Business Insider, a spokesman added: “WhatsApp encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date, to protect against potential targeted exploits designed to compromise information stored on mobile devices. We are constantly working alongside industry partners to provide the latest security enhancements to help protect our users.”
A notice on Facebook said the issue affected Android phones, iPhones, and Windows phones. An update to resolve the issue was released on Monday, and users are being urged to update regardless of whether they have had any suspicious call activity.
Citing a source, the FT reported that the US Department of Justice was notified about the hack last week.
WhatsApp Banks On Business Messaging Over Ads For Revenue
Facebook Inc. makes almost all of its money through advertising. But it’s trying a different approach with its WhatsApp unit.
The world’s most popular messaging service is pushing more aggressively into customer service features, including a pay-to-message option for businesses, and says it’s focusing on enterprise tools, not advertising. WhatsApp paused plans for targeted advertising late last year, surprising those who thought it would follow in line with its parent company.
“Our focus has been on the business messaging products,” says Matt Idema, WhatsApp’s chief operating officer. He said WhatsApp still envisions ads inside Status, a feature on the app similar to Facebook’s Stories, at some point.
WhatsApp announced an update Thursday aimed at businesses that use its API, the software interface that lets companies manage message threads with their customers outside of the app, like through a third-party dashboard. WhatsApp currently charges some businesses a small fee – a few cents per message – to send users things like receipts and confirmation reminders via the app instead of email.
Now WhatsApp will offer more API features, including free storage to host a business’s messages, in hopes that more of them will sign up for the API. Idema says 175 million of WhatsApp’s 2 billion-plus users interact with a business on the app every day, a sign that WhatsApp is focused on a function people care about. Tens of thousands of businesses use the API, Idema said, though Facebook doesn’t disclose WhatsApp’s revenue.
Part of WhatsApp’s appeal has been its high level of encryption, which means messages are typically never stored on Facebook servers or read by the company. By offering to store a business’s messages if they ask, WhatsApp is also committing to not use them to bolster ad targeting, a spokesman says.
Facebook has been working for years to figure out a way to turn its incredibly popular messaging apps into a remunerative business. The company pushed automated messaging bots aggressively a few years back on Messenger, its other standalone chat app, but that use case never took off. It also puts advertising inside of Messenger, though analysts don’t consider it to be a significant part of Facebook’s revenue.
The new plan is a combination of commerce and customer service. Charging businesses to send messages through the API is the only way WhatsApp makes money today. But Facebook has invested in a number of international companies, including Jio Platforms Ltd. in India, to secure partners for WhatsApp as it builds commerce and business features in those markets.
In India, for example, many small business owners use WhatsApp in lieu of a website, relying on the service to interact with customers and display product catalogs.
WhatsApp is trying to expand that functionality, too. Retailers can now promote a Facebook Shop on WhatsApp, a product catalog that works across all of the company’s apps, including Instagram. Idema sees Shops as a graduation of sorts from WhatsApp’s existing catalogs feature, saying it will let retailers manage a digital storefront from all Facebook’s apps instead of just on WhatsApp.
The next phase of WhatsApp’s plan will also include payments, enabling customers to buy products directly within the app. Those plans have hit regulatory snags in a number of countries, including India and Brazil, WhatsApp’s largest markets, adding to the complexity around making money through private messaging.
Why WhatsApp’s New Privacy Rules Sparked An Exodus
1. What Does The Policy Say?
WhatsApp is now reserving the right to share data it collects about you with the broader Facebook network, which includes Instagram, regardless of whether you have accounts or profiles there. Much of the policy, which is about monetizing WhatsApp, is broadly in line with what came before, but it now states clearly that “WhatsApp receives information from, and shares information with, the other Facebook Companies. We may use the information we receive from them, and they may use the information we share with them, to help operate” and market services. The option to share data with Facebook has existed for years, but it was just that: optional. From Feb. 8 it becomes mandatory.
2. Can Facebook Read My WhatsApp Now?
3. Why Does Facebook Want The Data?
It says it needs it to help operate and improve its offerings. More broadly, almost all of the $21.5 billion in revenue Facebook generated in its third quarter of 2020 came from ads, and there are none in WhatsApp. The company wants to be able to serve more targeted ads to people on Facebook and Instagram by also knowing their usage habits on WhatsApp, and let businesses take payments in WhatsApp for items that, for instance, were clicked on in Instagram ads.
4. What’s The Fallout?
Turkish President Recep Tayyip Erdogan’s media office and his country’s defense ministry said they’re dropping WhatsApp. Technology billionaire Elon Musk endorsed rival app Signal to his 42 million Twitter Inc. followers. The registration service for Signal crashed after an influx of new users overwhelmed its servers. On Jan. 10, it tweeted: “We continue to shatter traffic records and add capacity as more and more people come to terms with how much they dislike Facebook’s new terms.”
5. Is The Policy The Same Globally?
No. There’s a difference in the text for Europe compared with the rest of the world. In the U.S., for instance, WhatsApp explicitly says it wants to be able to let users start connecting their Facebook Pay account “to pay for things on WhatsApp,” and let them chat with friends on other Facebook products, such as Portal, “by connecting your WhatsApp account.” This text does not appear in the version applicable to Europe.
6. Why Is Europe Being Treated Differently?
European data protection authorities, which under the European Union’s strict privacy laws are empowered to fine companies as much as 4% of global annual revenue if they breach the bloc’s rules, in 2016 had expressed “serious concerns” about the sharing of WhatsApp user data. EU antitrust authorities in 2017 fined Facebook 110 million euros ($134 million) for misleading regulators during a 2014 review of the WhatsApp takeover but stopped short of overturning the merger approval. Facebook had told EU regulators during the review it technically wasn’t possible to combine WhatsApp data with its other services.
Half A Billion People Just Had Their Facebook Data Leaked
Leaked information includes phone number, Facebook ID, full name, location, past locations, birthdate, email address, relationship status, and bio.
According to a security analyst, sensitive personal information for over half a billion Facebook users was leaked on a well-trafficked hacking forum earlier today — a potential risk to millions of cryptocurrency traders and hodlers who now may be vulnerable to SIM swapping and other identity-based attacks.
The trove of information was first discovered by Alon Gal, CTO of security firm Hudson Rock, who posted on Twitter about the leak earlier today:
All 533,000,000 Facebook records were just leaked for free.
This means that if you have a Facebook account, it is extremely likely the phone number used for the account was leaked.
— Alon Gal (Under the Breach) (@UnderTheBreach) April 3, 2021
According to Gal, the leak is related to a security vulnerability first discovered in 2019. In January 2021, it became known that hackers were able to use the information to access users’ phone numbers; the leak has now expanded to include “Phone number, Facebook ID, Full name, Location, Past Location, Birthdate, (Sometimes) Email Address, Account Creation Date, Relationship Status, Bio.”
According to Gal, the information could now enable hackers and scammers to deploy a variety of social manipulation exploits and other nefarious tactics:
“Bad actors will certainly use the information for social engineering, scamming, hacking and marketing.”
Cryptocurrency users are at particular risk of such attacks. Earlier this year, a victim of a SIM-swapping attack sued mobile phone company T-Mobile for $450,000, and in 2018 Kaspersky Labs found that hackers were able to steal 21,000 ETH, currently worth over $43 million, in social engineering attacks over a 12-month period.
The data breach is also orders of magnitude larger than the Ledger breach late last year. Shortly after over 270,000 users’ information was leaked online, users reported extortionist threats, and considered lawsuits against the hardware wallet company.
Crypto At Risk After Facebook Leak: Here’s How Hackers Can Exploit Data
Attacks on digital asset exchanges and trading platforms have decreased drastically in recent years, but data leaks still leave users vulnerable.
Facebook is no stranger to data hacks and leaks, with the company having been on the receiving end of many high-profile security breaches in recent years. For example, back in 2018, the social media giant revealed that it had inadvertently exposed the personal information of more than 50 million users due to a small error in its platform coding, thus allowing miscreants to gain access to its users’ accounts.
Similarly, in 2020, the Mark Zuckerberg-led firm was embroiled in another major controversy when it came to light that thousands of developers had been able to access data from inactive platform users, again drawing the ire of many folks across the globe.
Now in 2021, the tech juggernaut has once again been hit with a fresh wave of data leaks. This time around, however, the number of users whose records were exposed was not 50 million but a staggering 500 million. On April 3, Alon Gal, chief technical officer of security firm Hudson Rock, revealed that sensitive personal information for over half a billion Facebook users was shared on a well-trafficked hacking forum.
To be more specific, the records include phone numbers, full names, locations, birthdates, bios, and, in some cases, email addresses of over 553 million located users across a total of 100 countries. Not only that, of the above-stated figure, 32 million users are apparently from the United States, while 11 million are from the United Kingdom.
Lastly, this data which is now doing the rounds online has potentially put at risk the savings of millions of digital currency traders and hodlers who now may be vulnerable to SIM swapping and other identity-based attacks, which have happened in recent years.
What Should Be Done?
How exactly does this most recent breach place at risk the crypto assets of individuals? Dave Jevans, CEO of blockchain security firm CipherTrace, told Cointelegraph that people who have had their phone numbers leaked need to be extra cautious since a lot of fraud involving digital assets hinges on such info, adding:
“We’ve seen an increase in SIM swaps, phishing attacks and other types of fraud involving cryptocurrencies that rely on acquiring the phone numbers of victims to execute. Leaked info about the identity of high-profile crypto users gave bad actors the ability to target them.”
He went on to add that individuals who believe their crypto may be at some sort of risk need to reconsider their existing privacy strategies — basically, thinking twice before storing all their holdings in a centralized exchange that may leverage user phone numbers for two-factor authentication.
Jevans further opined that managing one’s own keys could be a better way to protect our valuables from being phished via the use of stolen phone numbers. However, he conceded that even that may not be enough. “Phishing attackers can still use other means of acquiring account and address information, but it’s much harder,” he added.
Providing a take on the matter, Ben Diggles, co-founder and chief revenue officer for Constellation — a scalable enterprise-grade blockchain creating a standard for securing data in transit — told Cointelegraph that Facebook’s latest security lapse is not surprising, especially since most users of the social media platform tend to adhere to a different mindset — i.e., they like their world to be managed and organized for them.
He added that for most users, if they forget their passwords, they can just have the system reset it for them. Not only that, in Diggles’ view, most folks using Facebook aren’t even totally aware of how big their digital footprint actually is — a facet that Facebook doesn’t make too obvious either — adding:
“Those that are crypto holders that were on the list have little to worry about unless they were storing descriptive details of their holdings and access on their Facebook account. However, these hackers have gotten really sophisticated, so I have no idea what tricks they may have [up] their sleeves with regards to scraping info specific to crypto wallets and exchanges.”
That said, as a precautionary measure, he believes that it would be best if most users change their passwords across all of their social media accounts as well as other platforms that share their data with Facebook.
Does Decentralization Matter?
As more data leaks continue to happen, an increasing number of people around the world are beginning to realize the value proposition that decentralized systems put forth from a security standpoint, especially since they do not feature a single point of failure.
On the subject, Eli Arkush, a cloud solutions engineer at cybersecurity firm GlobalDots, opined that having the backend system of a platform distributed using blockchain technology might make it a bit harder on the hackers to get a hold of user info; however, once credentials fall into the wrong hands, password reuse can become an issue.
Similarly, Diggles believes that few people are educated enough to understand why decentralization actually counts, since, in theory, everything already seems fairly decentralized in their experience, at least from a digital standpoint.
He added that most people don’t know that the internet plays by its own rules and thus when he tells people about how technologies such as Brave and the Basic Attention Token work, it’s mind-blowing to them: “Most people aren’t aware of their involvement in the grander data world, and I can see why humans have been conditioned to think centralization is safer.” He added: “If users are made aware that value is being siphoned off of them every day, I think they would change behaviors quickly.”
However, Stephen Wilson, a member of the Australian government’s National Blockchain Roadmap Cybersecurity Working Group and CEO of security services provider Lockstep Group, is of the opinion that contrary to what some may believe, it’s never a good idea to save personal information on any sort of blockchain ecosystem.
He pointed out that the type of personal information breached by Facebook should never be stored in a blockchain, and even if one does, such data can never totally be protected by blockchain with any sort of long-term effectiveness. He stated further that “there are many different facets of decentralization and distributed systems,” adding:
“Blockchain and DLTs usually only decentralize some aspects of data management. They don’t usually decentralize data storage in any relevant sense because they tend to duplicate ledger entries across multiple systems. The storage is distributed, but identical copies of information are available in multiple locations and can be vulnerable to attackers or thieves.”
Crypto Hacks In 2020 Were Centered Around The DeFi Space
Late last year, crypto hardware wallet manufacturer Ledger was on the receiving end of a data hack, as a result of which the private information of more than 270,000 users was leaked online. Following the incident, users started reporting extortion threats from bad actors, and many users even considered initiating legal action against the firm.
Furthermore, a total of 28 attacks were witnessed in relation to various prominent cryptocurrency exchanges and trading platforms in 2020, with the total sum of money being compromised as a result of these ploys amounting to around $300 million.
According to a report released by CipherTrace, more than 50% of all nefarious activities in relation to the crypto market last year were linked to various decentralized finance protocols after the immense amount of growth over the past year.
In the past, most hacking schemes have, by and large, focused on stealing funds from cryptocurrency exchanges. For example, in 2014 and 2018, the amount of money compromised as a result of exchanges being hacked stood at $483 million and $875 million, respectively.
However, an increasing number of miscreants are now turning their attention to stealing user data because it provides them with unique avenues to acquire funds with relative ease. Thus, it is of utmost importance that crypto owners learn how to protect their assets, using advanced tools so as not to fall prey to such breach attempts.
Was My Facebook Data Leaked? What You Need To Know
The publishing of personal information of more than 500 million users of the social-media platform illustrates the long impact that hacks can present.
Data from a 2019 hack of Facebook Inc. was made public in recent days, revealing the phone numbers and personal information of more than a half-billion people.
While the data came from a vulnerability of Facebook platforms that the company says it has since fixed, security experts say that scammers could use the information for nefarious purposes like spam email and robocalling. Regulators in Europe have asked Facebook for more details about the data leak. Facebook said Tuesday in a blog post that the data leak reflects the ongoing need to police actions of bad actors on its platform.
Here is what you need to know.
How Do I Know If My Information Was In The Leak?
Facebook hasn’t commented on whether it will notify users to check if their information was swept up in the incident.
But some cybersecurity experts have created sites that allow people to see if their information was contained in data leaks.
One such site is haveibeenpwned.com, where you can enter your phone number or email address and see the result. The website, which allows people to check if their information was swept up in different data breaches, was created by Australian web-security consultant Troy Hunt.
Facebook didn’t immediately comment on the reliability of third-party sites that help people identify whether their information had been scraped from the platform.
What Data Was Leaked?
The troves included phone numbers, email addresses, birthdays, hometowns, relationship status and more from users in several countries world-wide.
What Should I Do To Protect My Accounts?
A good practice is to enable two-factor authentication for logging into Facebook. If activated, you will be asked to enter a special login code or confirm your login attempt each time someone tries to access Facebook from an unfamiliar browser or mobile device.
Facebook provides instructions on how to use two-factor authentication on its website. The company also said users should regularly review their settings to ensure alignment with what they want shared publicly.
Identifying a blanket course of action for people whose data was leaked could be difficult because a lot of the information, unlike passwords and credit-card numbers, can’t be changed.
How Was The Data Exfiltrated From Facebook?
Facebook says the vulnerability was the result of a weakness in the company’s contact importing function, an issue that it has said was identified and fixed in August 2019.
To address the issue, Facebook blocked people from being able to find users via their phone numbers across Facebook and Instagram. The company in 2019 found that software could be used to connect which phone numbers were associated with specific users. The tactic also enabled someone to query a set of user profiles and obtain certain information from their public profiles.
“This is another example of the ongoing, adversarial relationship technology companies have with fraudsters who intentionally break platform policies to scrape internet services,” Facebook said in an April 6 blog post.
The data were extracted from the platform before the changes made by Facebook and later sold by hackers.
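For platform defenders, the contact-importer abuse described above can be watched for in import logs. The following is an added example, not Facebook's code or anything from the original article: the event format, account names, thresholds and phone numbers (in the unassigned +999 range) are all constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass

# All thresholds are constructed for this example, not taken from Facebook.
WINDOW_SECONDS = 3600          # fixed one-hour buckets
MAX_NUMBERS_PER_WINDOW = 500   # distinct numbers one account may look up per bucket
MIN_SAMPLE = 20                # ignore the sequential check on tiny address books
MAX_SEQUENTIAL_RATIO = 0.5     # share of numbers that neighbour another submitted number


@dataclass(frozen=True)
class ImportEvent:
    ts: int        # epoch seconds of the contact-import lookup
    account: str   # account that submitted the number
    phone: str     # number in +digits form


def sequential_ratio(phones):
    """Fraction of distinct numbers whose numeric neighbour (+1 or -1) was also submitted."""
    nums = {int(p.lstrip("+")) for p in phones}
    if len(nums) < 2:
        return 0.0
    adjacent = sum(1 for n in nums if n + 1 in nums or n - 1 in nums)
    return adjacent / len(nums)


def flag_enumeration(events):
    """Return {account: [reasons]} for accounts whose imports look like bulk lookups."""
    buckets = defaultdict(set)  # (account, hour bucket) -> distinct numbers
    for e in events:
        buckets[(e.account, e.ts // WINDOW_SECONDS)].add(e.phone)

    flagged = defaultdict(set)
    for (account, _window), phones in buckets.items():
        # Real address books are small; hundreds of lookups per hour are not.
        if len(phones) > MAX_NUMBERS_PER_WINDOW:
            flagged[account].add("volume")
        # Real address books are scattered; dense numeric runs are generated lists.
        if len(phones) >= MIN_SAMPLE and sequential_ratio(phones) > MAX_SEQUENTIAL_RATIO:
            flagged[account].add("sequential")
    return {account: sorted(reasons) for account, reasons in flagged.items()}


def build_sample_events():
    """Constructed log: one ordinary user, one bulk importer, one slow importer."""
    base = 444444 * WINDOW_SECONDS  # aligned to the start of a bucket
    events = []
    for i in range(40):    # ordinary address book: 40 scattered numbers
        events.append(ImportEvent(base + i, "acct_normal", f"+999{1000000 + i * 7919}"))
    for i in range(600):   # 600 consecutive numbers within one hour
        events.append(ImportEvent(base + i * 5, "acct_bulk", f"+999{2000000 + i}"))
    for i in range(30):    # under the volume limit, but still a dense numeric run
        events.append(ImportEvent(base + i * 60, "acct_slow", f"+999{3000000 + i}"))
    return events


if __name__ == "__main__":
    for account, reasons in sorted(flag_enumeration(build_sample_events()).items()):
        print(account, reasons)
```

Fixed hourly buckets are the simplest form of this check; a production system would normally use sliding windows and aggregate across accounts and source addresses as well.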
What Happened To The Data?
The hackers began selling the data online to bidders soon after it was accessed. Alon Gal, chief technology officer of the Israeli cybersecurity firm Hudson Rock, said it was initially sold for tens of thousands of dollars, and the price kept dropping until it was recently made available for free on sites like raidforums.com.
Hackers often release data for free once it has been circulated long enough, said Zack Allen, senior director of threat intelligence at ZeroFOX, a Baltimore-based cybersecurity company.
What Can Hackers Do With The Data?
The number of accounts involved, about 533 million, is high. “Half a billion of anything is a lot,” said Alex Holden, chief information security officer of Hold Security LLC. But he added that most of it is semipublic information that is often displayed on Facebook pages anyway. The hacked data don’t include more sensitive information like passwords, credit-card information or social-security numbers.
He said the information could be used for “social abuses” like robocalls and spam emails.
Mr. Allen said the data from the breach could be used by scammers to send malicious text messages, and they could potentially try to take over some phone numbers using a SIM-swapping technique, where they use the personal information stolen in the hack to swap the phone number onto another device.
“It’s a fallacy to believe that old data is bad data,” Mr. Allen said. “For example, the LinkedIn breach from the early 2010s was used by the Guild of the Grumpy Old Hackers to guess former President Donald Trump’s Twitter username and password in 2016.”
Why Does This Hack Matter?
Facebook has an enormous amount of information on its 2.8 billion users world-wide, and the leak is a reminder that hackers will try to harvest that data for other purposes.
“While we can’t always prevent data sets like these from recirculating or new ones from appearing, we have a dedicated team focused on this work,” Facebook said in its April 6 blog post.
Facebook has faced controversy in the past from how its data is accessed and used, including when Cambridge Analytica, a data firm with ties to Mr. Trump’s 2016 presidential campaign, improperly accessed data on tens of millions of Facebook users.
The company paid a $5 billion fine levied by the Federal Trade Commission in 2019 as a result of the Cambridge Analytica affair and other issues with securing user data. It has since faced regulatory scrutiny in other jurisdictions over data-privacy issues.
Ireland’s Data Protection Commission, which oversees Facebook because its European Union headquarters are in Dublin, issued a statement on April 6 that it had contacted Facebook regarding the recent data leak since a significant number of people affected are EU users. It recommended people be vigilant regarding any services they use that require authentication using a phone number or email address in case third parties attempt to gain access.
Your Questions And Comments Are Greatly Appreciated.
Monty H. & Carolyn A.