Posted on October 3, 2020 at 1:57 PM
It has been sixteen years since the foundation of Facebook, which is currently still the largest social media network in the world. However, in addition to being the largest, it is easily the most controversial one.
Over the years, Facebook has been going from one fiasco to the next one, constantly receiving bad press for a number of security incidents.
Most people still remember the Cambridge Analytica quite well, where Facebook allegedly allowed (or at least failed to detect) a data firm to harvest the data of the platform’s users. Then, there were numerous hacking incidents that revolved in data leaks.
However, while successful attacks on Facebook are not a thing that anyone should take lightly, it is far more concerning if data simply leaks due to the company’s failure to protect it, or even intentional harvesting and sale.
With that said, there was one hack that managed to go undetected for nearly two years, and that ended up robbing Facebook users not only of their data, but of $4 million, as well.
Recently, new information about the incident has surfaced, and this revelation makes it that much more important for users to protect their accounts adequately. Here is what happened, and how it all went down.
How Facebook hackers stole $4 million from its users
As you know, hackers are usually after money, except when they are trying to prove a point, or steal data that they will sell to, once again, acquire money.
Now, Facebook itself makes the most of its profits through advertisement, and as such, it doesn’t lack valuable data such as credit card numbers or passwords that are in danger of leaking. When this attack happened, there was no credit card number leak, but money was still stolen, although in a somewhat different way from what you might expect.
What happened is that a group of Chinese hackers created a malware known as SilentFade, and with it in its arsenal, the group hacked multiple Facebook accounts. The malware was mixed with a pirated software that, in itself, was not tied to Facebook. However, it used the software to get the malware onto the victims’ computers.
Once inside, the malware scanned their browsers for login cookies, and similar methods of breaking into the accounts.
Once the accounts were in the hackers’ possession, they used the payment information that was available to start buying Facebook ads. The ads themselves offered all kinds of shady products and offers, which undoubtedly allowed them to earn even more. But, the main thing is that hackers used users’ money to buy these ads, and they kept the scheme going for two years, between 2016 and 2018.
After discovering the operation eventually, Facebook shut it all down, and even tried to legally pursue the attackers. These days, this kind of malware is not going to work, the company has seen to that. However, it does show that there are indirect ways for users’ accounts to get hacked, and their money stolen.
Why does this matter in 2020?
The reason why this is relevant now — two years after the attack was discovered, and four years after it started — is the fact that Facebook is rolling out a new account option called Facebook Account Center.
This is a new, unified control panel that will make it easier for users to access all of their accounts at the same time. That includes their Instagram and WhatsApp accounts as well, and they share all of their payment data with Facebook through the new panel.
Users still can (and should) make separate passwords for all of the accounts, although it is important for them to set up new passwords, that will make them safe from any past breaches.
On top of that, it is recommended to enable two-factor authentication, which will require a code whenever someone tries to log in to the users’ accounts from unknown devices.
The fact that it took Facebook two years to come clean about the details of the hack is concerning, but it is also a major eye-opener for its users. With new information available, users should make the best of it and ensure that their security will be as best as it can be, to prevent being exploited once the next group of hackers come up with some approach that security researchers and Facebook itself did not think of before.