Instagram, Spotify, Airbnb or Tinder accounts could be compromised by Facebook hacking
Many experts in ethical hacking believe that the UK Conservative Party has made serious mistakes and omissions in legislation on cybersecurity, but the mistakes of this political party are not compared to those committed by Facebook recently. At the last minute of Friday, the social network confirmed that 50 million accounts had been compromised, and that is only the beginning.
If any of the 50 million affected users used their Facebook account to log into third-party sites (Spotify, Instagram, Tinder, or AIRBNB, for example), the data on those sites may also have been easily leaked. For some users this situation could be more sensitive, as the data hosted on these sites could be much more personal than those posted on Facebook.
In other words, the Facebook mistake could force other companies to audit their systems to see if they have also suffered a proxy attack. Any site that allows you to log in with your Facebook account may be affected, according to specialists in ethical hacking from the International Institute of Cyber Security.
Facebook has not officially revealed details of the compromised accounts, only reporting that both CEO Mark Zuckerberg and COO Sheryl Sandberg were among the affected users. If a user disconnected from the service between September 27 and 28, it is suggested that they could be affected, as it was when Facebook started the process of revoking tokens.
If this happened to you, it’s probably worth checking the Security section of your Facebook account to see if there were any strange logins recently.
While the social network has already made several mistakes, specialists in ethical hacking consider that there is likely to be a lesson here on how to take the easy way and use Facebook to log on to virtually any service. Many users may not consider it relevant for hackers to know their birth date or hometown, but would anyone really want a malicious actor to know their information from Tinder, Airbnb, or some other private service? A lot of this information might be useful to perform blackmail attacks to lots of users.