Security News
Meta Platforms has agreed to pay $90 million to settle a lawsuit over the company's use of cookies to allegedly track Facebook users' internet activity even after they had logged off from the platform. The social media company will be required to delete all of the data it illegally collected from those users.
A malicious developer could harvest Facebook data using the same access method, because Facebook is exposing a plain-text token that grants what security researcher Zach Edwards describes as "God mode." The request returns an access token to the extension for the logged-in Facebook user, allowing further programmatic interactions with Facebook data.
Meta has filed a joint lawsuit with Chime, a financial technology and digital banking company, against two Nigerian individuals who allegedly used Instagram and Facebook accounts to impersonate Chime and target its users in phishing attacks. The two defendants, Arafat Eniola Arowokoko and Arowokoko Afeez Opeyemi, presumably used a network of at least five Facebook accounts and over 800 Instagram accounts to impersonate the fintech company, attempting to take over customers' accounts.
How to enable end-to-end encryption in Facebook Messenger. End-to-end encryption is not enabled by default in Facebook Messenger.
Adults will have to hand over credit card or passport details before they can access social media sites, the British government threatened this morning. Internet use age verification - first floated and then abandoned via the country's 2017 Digital Economy Act - will return in the UK's Online Safety Bill, digital minister Chris Philp MP has vowed, linking the technology, widely criticised by privacy activists, to protecting children from pornography websites.
Finland's National Cyber Security Centre warns of an ongoing phishing campaign attempting to hijack Facebook accounts by impersonating victims' friends in Facebook Messenger chats. In the alert, the NCSC-FI says that all Facebook users who received messages from online acquaintances asking for their phone numbers and a verification number delivered via SMS are the targets of this ongoing scam.
Tons of users are reporting their Facebook Create React App builds are failing since yesterday. Create React App is an open source project produced by Facebook and made available on both GitHub and npm to help developers build single-page React applications fast.
"Privacy Center provides helpful information about five common privacy topics: sharing, security, data collection, data use and ads," the social technology firm said in a press release. Users part of the pilot will be able to access Privacy Center by navigating to Settings and Privacy on the desktop version of Facebook.
The Commission nationale de l'informatique et des libertés, France's data protection watchdog, has slapped Facebook and Google with fines of €150 million and €60 million for violating E.U. privacy rules by failing to provide users with an easy option to reject cookie tracking technology. HTTP cookies are small pieces of data created while a user is browsing a website and placed on the user's computer or other device by the user's web browser to track online activity across the web and store information about the browsing sessions, including logins and details entered in form fields such as names and addresses.
France's National Commission on Informatics and Liberty, the country's data privacy and protection body, has announced a 60 million euro sanction against Facebook and a 150 million euro penalty against Google. As a result, today CNIL announced an administrative fine of 60 million Euros against Facebook Ireland Ltd. and an additional 100,000 Euros per day of delay of compliance, starting from March 2022.