Facebook breach: NPC asks users to enable multi-factor authentication
Make use of multi-factor authentication to protect yourself.
The National Privacy Commission (NPC) headed by Commissioner Raymund E. Liboro on Saturday, September 29, asked all Filipinos with Facebook accounts to commit to multi-factor authentication.
Liboro made this advice after receiving information from the social networking giant about the hacking attack on 50 million of its users.
He said the NPC has prescribed breach management procedures in place and expects Facebook to abide by these rules.
“The NPC shall notify the public about developments and its actions on this matter. To protect themselves, all Facebook users must enable multi-factor authentication on all platforms, employ strong passwords, and practice good digital hygiene,” said Liboro in a statement sent to journalists.
Here’s the full NPC statement:
At around 12:49 AM of September 28, we received informal notice from Facebook representatives that they had found a vulnerability in their app that was exploited by malicious attackers.
Facebook claims that the vulnerability affected around fifty million users, exposing personal data stored in their Facebook profiles.
The vulnerability was attributed to a combination of several programming errors in updates made in July 2017. As a result, malicious intruders were able to generate access tokens.
These access tokens allowed the intruders to log into affected FB profiles as if they were the actual profile holders. This means they had the ability to access data reserved for account holders even without having to enter the user’s password.
As a remediation measure, FB terminated the sessions of persons it identified as having been affected and had them enter their login credentials again. This morning, the company has notified affected users of the incident. We have informed Facebook, however, that the notification it sent to individuals leaves much to be desired.
According to the company’s representatives, the investigation is still in its early stages. They have not determined yet how many Filipinos are affected and whether misuse of personal information had resulted from this breach.
The NPC has prescribed breach management procedures in place and we expect Facebook to abide by these rules.
The NPC shall notify the public about developments and its actions on this matter. To protect themselves, all Facebook users must enable multi-factor authentication on all platforms, employ strong passwords, and practice good digital hygiene. (NPC)