Hacks of the Month: October
When technology is introduced into our lives, people always try to test it to the breaking point and see what they can find. Although October isn’t even halfway over, we’ve already seen 3 major security issues. The companies of the month that had the flaws are Google, Facebook, and NewEgg.
Let’s start with Google. While Google was busy trying to compete in the social media business, they left some issues that nobody seemed to notice. Because Google has such a wide grasp on products from phones and computers to their software products including YouTube and Gmail, most people had to create accounts somewhere in the google servers.
Because Google Plus never took off like they planned, most people ignored the platform. While this security flaw didn’t contain any private financial information, it still exposed one’s age, occupation, place of residency, etc. Most of these things can be found in other places online, such as LinkedIn or YellowPages. People had an issue only because this has been there since 2015 and nobody knew until recently.
The bigger security flaw this month comes from Facebook. It is being referred to as the “View As” hack. Initially, the purpose of this feature was to view your profile as another user, either generic or specific. This was to promote safety and ensure that only the people you want to see your posts can. What hackers discovered was when you view as a specific person, you gain access to their account token. An account token is specific per person and no two have the same one.
The token stores the account information to log in, including email and password. By gaining access to the token, one can manipulate the URL and access other’s accounts without inputting those fields. Luckily, Facebook has a separate place for financial information in which you have to verify passwords instead of tokens, so no financial information was gained by hackers. Roughly 50 million accounts were logged out by Facebook and given new tokens, so that they won’t be hit again.
Lastly, the only security flaw that could hurt you financially comes from NewEgg. Hackers got into their system and put in code that skimmed credit card information without alerting authorities. NewEgg states that if you made purchases between August 14th and September 18th, you should check your bank account just in case. No account information was gained, so password change isn’t needed.
And that wraps up this month’s hacks so far.