[ad_1]
Since the reputation of the world's largest social media company, Facebook, was reinforced by the Cambridge Analytica data collection scandal, it was promising to avoid such incidents. On the one hand, efforts to improve user transparency have been strengthened, but the company has failed to guarantee the basic security of its data. After admitting that it was foolish to store hundreds of millions of passwords in an easily readable format, the social media giant is now trying to inform users of another naivety. Since 2016, Facebook has collected the email identifiers of 1.5 million new users, but claims to have done so »involuntarily. "
Internal business recently discovered that in the past three years, Facebook had downloaded contacts associated with email ids from at least 1.5 million new users without their permission. Lately, Facebook had asked users to share the email password used for registration, thus providing a simple and automatic method for checking their email. This is how he abused his privileges and the trust of users. The report states that Facebook has not only accessed email accounts on behalf of users, but has also imported their email contacts without requesting authorization and stored this data on its servers.
Contacts saved by Facebook were also collected to suggest friends, improve targeting of ads and press "The social network of Facebook.In response to this, a spokesman said Internal business that these contacts were "unintentionally uploaded to Facebook"And assured that the data is now deleted.
Until May 2016, users manually controlled whether they wanted to synchronize their email contacts with Facebook. The feature was then automated for users who directly checked their Facebook accounts, but the text intended to inform them was removed. So, while 1.5 million is the number of accounts whose data was collected, the actual number of email identifiers obtained by Facebook could have been much larger.
Internal business has gone from the front to show how the feature works. When a user enters the password corresponding to their email credentials and clicks the login button, a new dialog box titled "Import Contacts" appears. There is no button to cancel the process. Turning the tab will probably not help because Facebook already has access to your email account.
The company would havehas stopped providing email password verification as an option for people checking their account when they first sign up for Facebook"After a security researcher who calls himself alias" e-sushi "pointed out the flaw. Facebook also claims that users' private conversations have not been read and promised to inform all users whose emails were collected.
Hey @Facebook, asking for the secret password of your users' personal email accounts for verification purposes, or for any other type of use, is a HORRIBLE idea of a #infosec point of view. By taking this route, you practically fish passwords that you are not supposed to know! pic.twitter.com/XL2JFk122l
– e-sushi (@originalesushi) March 31, 2019
Unprotected Instagram passwords
Last month, it was revealed that the passwords of 200 to 600 million Facebook Lite users were stored without encryption on the company's servers, easily accessible to 20,000 employees. Now, a similar problem seems to have also affected several million Instagram accounts. When updating the previous blog, Pedro Canahuati, vice president of Facebook's security and privacy, said an additional journal containing millions of Instagram passwords stored in a readable format had been discovered by the research team of the company.
He also wrote that the company would notify users whose passwords had been stored without encryption. However, he continued to buzz the same air of challenge by ensuring that these passwords are not used or abused.
Source: Business Insider
[ad_2]
Source link