[Are You Affected?] Over 29 Million Facebook Users Compromised: Check Now Whether Your Account Is Safe
2018-10-13 15:20
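The social network Facebook discovered a security vulnerability two weeks ago that allowed hackers to take control of about 29 million accounts, fewer than the 50 million originally estimated.
To check whether their personal data was leaked, Facebook users can log in to their account and visit the Help Center page (https://www.facebook.com/help/securitynotice?ref=sec). At the very bottom of the page, a blue panel tells the user whether their personal data is affected.
Users will see one of three main results, depending on how far the individual user was affected by the intrusion. The vast majority of users will see: "Based on what we've learned so far, your Facebook account has not been impacted by this security incident. If we find more Facebook accounts were impacted, we will reset their access tokens and notify those accounts."
Facebook said that for 15 million of the affected users, hackers could access the user's name, email address, mobile phone number and so on, while another 14 million affected users had more personal data leaked, including hometown, birthday, the previous 10 web pages logged in to, the last 15 search targets, and so on.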
Result 1 (the vast majority of users):

Based on what we've learned so far, your Facebook account has not been impacted by this security incident. If we find more Facebook accounts were impacted, we will reset their access tokens and notify those accounts.

Result 2 (about 15 million users):

Yes. Based on what we've learned so far in our investigation, attackers accessed the following Facebook account information:
* Name.
* Primary email address.
* Most recently added phone number.

Based on what we've learned so far in our investigation, the attackers did not gain access to certain information, such as:
* Account passwords.
* Payment card or credit card information.

Result 3 (about 14 million users):

Yes. Based on what we've learned so far in our investigation, attackers accessed the following Facebook account information:
* Name.
* Primary email address.
* Most recently added phone number.

Additionally, the attackers also accessed other account information, including:
* The following information associated with your Facebook account:
  * Username.
  * Date of birth.
  * Gender.
  * Types of the devices you've used to access Facebook.
  * The language you choose to use Facebook in.
* If you previously added this specific information to your Facebook account, it was also accessed:
  * Relationship status.
  * Religion.
  * Hometown.
  * Current city.
  * Work.
  * Education.
  * Website.
* The 10 most recent locations you've checked in to or been tagged in. These locations are determined by the places named in the posts, such as a landmark or restaurant, not location data from a device.
* The 15 most recent searches you've entered into the Facebook search bar.
* People or Pages you follow on Facebook.

A small subset of Facebook accounts, including yours, had additional Facebook information made available to the attackers. Learn more about how this information was made available. This is specifically information that appears when viewing your own profile and includes additional information, such as:
* Posts from your timeline.
* Your Friends list.
* Messenger conversation names, but not their contents.
* If you are a Page admin, you may have also had messages to your Page made available to the attackers.
* Groups you're a member of.

Based on what we've learned so far in our investigation, the attackers did not gain access to certain information, such as:
* Account passwords.
* Payment card or credit card information.
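Readers can check for themselves whether they are among the victims. Facebook said that even if a user's account was indeed hacked, there is no need at this point to take any action to protect the account. Your password was not stolen, so there is no need to change it. The hackers got in by obtaining access tokens that allowed them to log in.
After the intrusion in late September, Facebook reset the tokens. That is why you may have found yourself logged out of your Facebook account one day in late September.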