Security News

Russia has blocked access to the Facebook social network after Meta, Facebook's parent company, deactivated or restricted access to accounts belonging pr-Kremlin media outlets and news agencies, including RIA Novosti, Sputnik, and Russia Today. "On March 4, 2022, a decision was made to block access to the Facebook network in the Russian Federation," Roskomnadzor stated.

Multiple Chrome browser extensions make use of a session token for Meta's Facebook that grants access to signed-in users' social network data in a way that violates the company's policies and leaves users open to potential privacy violations. Security researcher Zach Edwards last week noted that Brave had blocked a Chrome extension called L.O.C. out of concern it exposed the user's Facebook data to a third-party server without any notice or permission prompt.

Meta Platforms has agreed to pay $90 million to settle a lawsuit over the company's use of cookies to allegedly track Facebook users' internet activity even after they had logged off from the platform. The social media company will be required to delete all of the data it illegally collected from those users.

A malicious developer could harvest Facebook data using the same access method, because Facebook is exposing a plain-text token that grants what security researcher Zach Edwards describes as "God mode." The request returns an access token to the extension for the logged-in Facebook user, allowing further programmatic interactions with Facebook data.

Meta has filed a joint lawsuit with Chime, a financial technology and digital banking company, against two Nigerian individuals who allegedly used Instagram and Facebook accounts to impersonate Chime and target its users in phishing attacks. The two defendants, Arafat Eniola Arowokoko and Arowokoko Afeez Opeyemi, presumably used a network of at least five Facebook accounts and over 800 Instagram accounts to impersonate the fintech company, attempting to take over customers' accounts.

How to enable end-to-end encryption in Facebook Messenger. End-to-end encryption is not enabled by default in Facebook Messenger.

Adults will have to hand over credit card or passport details before they can access social media sites, the British government threatened this morning. Internet use age verification - first floated and then abandoned via the country's 2017 Digital Economy Act - will return in the UK's Online Safety Bill, digital minister Chris Philp MP has vowed, linking the technology, widely criticised by privacy activists, to protecting children from pornography websites.

Finland's National Cyber Security Centre warns of an ongoing phishing campaign attempting to hijack Facebook accounts by impersonating victims' friends in Facebook Messenger chats. In the alert, the NCSC-FI says that all Facebook users who received messages from online acquaintances asking for their phone numbers and a verification number delivered via SMS are the targets of this ongoing scam.

Tons of users are reporting their Facebook Create React App builds are failing since yesterday. Create React App is an open source project produced by Facebook and made available on both GitHub and npm to help developers build single-page React applications fast.

"Privacy Center provides helpful information about five common privacy topics: sharing, security, data collection, data use and ads," the social technology firm said in a press release. Users part of the pilot will be able to access Privacy Center by navigating to Settings and Privacy on the desktop version of Facebook.