[Are You Affected?] Over 29 Million FB Users Compromised: Check Now Whether You Are Safe
2018-10-13 15:20
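The social networking site Facebook discovered a security vulnerability two weeks ago that allowed hackers to take control of about 29 million accounts, fewer than the 50 million originally estimated.
To check whether their personal data was leaked, Facebook users should log in to their account, visit the "Help Center" page (https://www.facebook.com/help/securitynotice?ref=sec), and scroll to the very bottom, where a blue panel tells the user whether their personal data was involved.
Users will mainly see one of three different results, depending on how far the individual user was affected by the intrusion. The vast majority of users will see: "Based on what we currently know, your Facebook account has not been impacted by this security incident. If we find more Facebook accounts were impacted, we will reset their access tokens and notify those accounts."
Facebook said that for 15 million of the affected users, the hackers could access the user's name, email address, mobile phone number and so on, while another 14 million affected users had more personal data leaked, including hometown, birthday, the previous 10 pages logged in to, the last 15 search targets, and so on.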
Result 1 (the vast majority of users):
Based on what we've learned so far, your Facebook account has not been impacted by this security incident. If we find more Facebook accounts were impacted, we will reset their access tokens and notify those accounts.

Result 2 (about 15 million users):
Yes. Based on what we've learned so far in our investigation, attackers accessed the following Facebook account information:
* Name.
* Primary email address.
* Most recently added phone number.
Based on what we've learned so far in our investigation, the attackers did not gain access to certain information, such as:
* Account passwords.
* Payment card or credit card information.

Result 3 (about 14 million users):
Yes. Based on what we've learned so far in our investigation, attackers accessed the following Facebook account information:
* Name.
* Primary email address.
* Most recently added phone number.
Additionally, the attackers also accessed other account information, including:
* The following information associated with your Facebook account:
  * Username.
  * Date of birth.
  * Gender.
  * Types of the devices you've used to access Facebook.
  * The language you choose to use Facebook in.
* If you previously added this specific information to your Facebook account, it was also accessed:
  * Relationship status.
  * Religion.
  * Hometown.
  * Current city.
  * Work.
  * Education.
  * Website.
* The 10 most recent locations you've checked in to or been tagged in. These locations are determined by the places named in the posts, such as a landmark or restaurant, not location data from a device.
* The 15 most recent searches you've entered into the Facebook search bar.
* People or Pages you follow on Facebook.
A small subset of Facebook accounts, including yours, had additional Facebook information made available to the attackers. Learn more about how this information was made available. This is specifically information that appears when viewing your own profile and includes additional information, such as:
* Posts from your timeline.
* Your Friends list.
* Messenger conversation names, but not their contents.
* If you are a Page admin, you may have also had messages to your Page made available to the attackers.
* Groups you're a member of.
Based on what we've learned so far in our investigation, the attackers did not gain access to certain information, such as:
* Account passwords.
* Payment card or credit card information.
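Readers can check for themselves whether they are among the victims. Facebook says that even if a user's account was indeed hacked, there is no need at this point to take any action to protect the account. Your password was not stolen, so you do not need to change it. The hackers got in by obtaining access tokens that let them log in.
After the intrusion at the end of September, Facebook reset the tokens. That is why you may have found yourself logged out of your Facebook account one day in late September.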