Facebook hacked: I’m so sick of Facebook and so is everyone else

Facebook hacked: I’m so sick of Facebook and so is everyone else

Facebook, are you kidding me? Here, just read what the company has told us, which is the only thing anybody knows about it (bold mine):

—-

By Guy Rosen, [Facebook] VP of Product Management

On the afternoon of Tuesday, September 25, our engineering team discovered a security issue affecting almost 50 million accounts. We’re taking this incredibly seriously and wanted to let everyone know what’s happened and the immediate action we’ve taken to protect people’s security.

Our investigation is still in its early stages. But it’s clear that attackers exploited a vulnerability in Facebook’s code that impacted “View As”, a feature that lets people see what their own profile looks like to someone else. This allowed them to steal Facebook access tokens which they could then use to take over people’s accounts. Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app.

Here is the action we have already taken. First, we’ve fixed the vulnerability and informed law enforcement.

Second, we have reset the access tokens of the almost 50 million accounts we know were affected to protect their security. We’re also taking the precautionary step of resetting access tokens for another 40 million accounts that have been subject to a “View As” look-up in the last year. As a result, around 90 million people will now have to log back in to Facebook, or any of their apps that use Facebook Login. After they have logged back in, people will get a notification at the top of their News Feed explaining what happened.

Third, we’re temporarily turning off the “View As” feature while we conduct a thorough security review.

This attack exploited the complex interaction of multiple issues in our code. It stemmed from a change we made to our video uploading feature in July 2017, which impacted “View As.” The attackers not only needed to find this vulnerability and use it to get an access token, they then had to pivot from that account to others to steal more tokens.

Since we’ve only just started our investigation, we have yet to determine whether these accounts were misused or any information accessed. We also don’t know who’s behind these attacks or where they’re based. We’re working hard to better understand these details — and we will update this post when we have more information, or if the facts change. In addition, if we find more affected accounts, we will immediately reset their access tokens.

People’s privacy and security is incredibly important, and we’re sorry this happened. It’s why we’ve taken immediate action to secure these accounts and let users know what happened. There’s no need for anyone to change their passwords. But people who are having trouble logging back into Facebook — for example because they’ve forgotten their password — should visit our Help Center. And if anyone wants to take the precautionary action of logging out of Facebook, they should visit the “Security and Login” section in settings. It lists the places people are logged into Facebook with a one-click option to log out of them all.

—-

All right, Cody back here, and let’s pick this sucker apart, because as a shareholder of Facebook and as one of the people’s account was apparently affected since I’m being asked to log back into Facebook now, I’m sick to my stomach about this. Oh geez.

We have reset the access tokens of the almost 50 million accounts we know were affected to protect their security. We’re also taking the precautionary step of resetting access tokens for another 40 million accounts that have been subject to a “View As” look-up in the last year. As a result, around 90 million people will now have to log back in to Facebook.

I don’t know what “View As” is and I’ve never used it so I’m in the group of 50 million Facebook accounts that they let get hacked. Great, Facebook, great.

This attack exploited the complex interaction of multiple issues in our code. It stemmed from a change we made to our video uploading feature in July 2017, which impacted “View As.” The attackers not only needed to find this vulnerability and use it to get an access token, they then had to pivot from that account to others to steal more tokens.

Here they’re trying to avoid blame….”the attackers not only needed to do this one thing, but they even had to do another thing to get their hack to work.” I don’t care. Do your job as Tom Brady famously yelled at his teammates the other day.

People’s privacy and security is incredibly important, and we’re sorry this happened. It’s why we’ve taken immediate action to secure these accounts and let users know what happened.

No, Facebook, you’re just bs’ing all of us now. Your entire business model (that I invested in when the stock was in the $20s) is built on violating people’s privacy. And if security was incredibly important to you, you wouldn’t have let my account get hacked. Taking immediate action to secure my account AFTER you let it get hacked and letting me know you let my account get hacked is just about the least you can do.

There’s no need for anyone to change their passwords.

I call BS again. I’m changing my passwords on Facebook if I even decide to log back in to Facebook ever again. I’m not sure I want to even post anything to Facebook any more. I gave up consuming the crap on Facebook several months ago.

As for the stock. Well, like I said, I made it a top-3 largest position in my portfolio when it was back in the $20s and even bought some when it was briefly below $20 a share back after its post-IPO crash.

Just three days ago, I wrote, “I don’t think I’ll freak out and sell any more FB today off that news, but I do need to sit back and spend a few days immersed in Facebook analysis. The stock is trading at 22x next year’s earnings which isn’t terribly expensive and could be considered quite cheap if the company delivers another 25% topline growth next year as analysts expect it will. Sitting tight on FB, which I’ve taken profits on higher, for now.” in response to this question, “Cody, FB just can’t seem to get out of its own way. Instagram founders leaving. Plus possibly more government scrutiny? I know generally you feel government threats don’t amount to much. I’m still holding as i know you feel in the future FB will sell higher than $160. Any new thoughts? Thanks.”

Well, the news earlier this week that Instagram founders were leaving has new color now, doesn’t it? For all we know when they found out that 50 million users of the company that they’d sold out to had been hacked, they went into Mark Zuckerberg’s office and were like, “This is the last straw, Zuck.”

We’ve made a ton of money on Facebook as it rose a full 10x from the price paid for some our shares, as it went from $20 to $200. And we’ve taken some nice profits on some of our common stock and even had a few homerun call options in Facebook in the early years too.

And I’m not sure if I’m in the same boat I picture those Instagram founders being in, that this hack of my personal Facebook account might be the last straw. And it might be the last straw for me holding the stock in addition to it perhaps being the last straw for me posting to Facebook. The two are quite separate issues, and I’m certainly not going to sell my long-held FB position out of anger today. But I’m pretty mad. And I bet tens of millions if not hundreds of millions of Facebook users are pretty mad yet again today too.

I’ll let Trading With Cody subscribers know if I decide to sell my FB stock next week. Which, for the first time since I bought it just over six years ago, I just might.