Facebook flaw allows any message to be changed

By on
Facebook flaw allows any message to be changed
Mark Zuckerberg

Security vendor Check Point has released details of a vulnerability found in Facebook Messenger in the last week of May.

The vulnerability allowed for any sent message, photo, file and link to be modified after sending.

"By exploiting this vulnerability, cybercriminals could change a whole chat thread without the victim realising, what’s worse. The hacker could implement automation techniques to continually outsmart security measures for long-term chat alterations," Check Point head of products vulnerability research Oded Vanunu said.

The flaw - which has since been fixed - allowed hackers to insert infected links or files to existing messages, starting a ransomware campaign.

These campaigns lasted only several days because the infected links and the command and control addresses became known and blocked by security vendors, forcing the attacker to shut down his activity.

The vulnerability found in Facebook's Messenger allowed the attacker to implement automation techniques to continually outsmart security measures when the command & control servers were replaced, according to Check Point.

Mark Zuckerberg hacked

On Monday it was reported that Facebook chief executive Mark Zuckerberg had both his Twitter and Pintrest accounts hacked according to a report on VentureBeat.

Reuters reported a Facebook spokesman as saying the accounts have since been "re-secured using best practices," and "no Facebook systems or accounts were accessed".

Zuckerberg have allegedly used the same password 'dadada' for both accounts that facilitated the hack.

"He used a dumb password – because passwords are hard to remember, and we have too many of them. He re-used that password across sites – because we use dozens of apps, sites, and services every day, and can’t be expected to do something better. That password was either cracked in milliseconds, or stolen," Centrify security strategist Chris Webber said.

"If he’d had MFA (multi factor authentication) on these accounts, the security test would have been much harder. The testers would have his password, but not his second factor, and would likely have been satisfied with that level of security."

Last month more than 100 million LinkledIn customer credentials were reported as being on sale on the dark web. The credentials are linked to a 2012 breach.

Microsoft announced last week that it is banning easy passwords in order to protect users and passwords in the Microsoft Account System and private preview Azure AD.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © nextmedia Pty Ltd. All rights reserved.
Tags:
check point facebook hack security

Partner Content

Channel can help lead customers to boosting workplace wellbeing with professional headsets
Channel can help lead customers to boosting workplace wellbeing with professional headsets
Ingram Micro Ushers in the Age of Ultra
Ingram Micro Ushers in the Age of Ultra
Secure, integrated platforms enable MSPs to focus bringing powerful solutions to customers
Secure, integrated platforms enable MSPs to focus bringing powerful solutions to customers
Build cybersecurity capability with award winning Fortinet training from Ingram Micro
Build cybersecurity capability with award winning Fortinet training from Ingram Micro
Tech For Good program gives purpose and strong business outcomes
Tech For Good program gives purpose and strong business outcomes

Sponsored Whitepapers

Stop Fraud Before It Starts: A Must-Read Guide for Safer Customer Communications
Stop Fraud Before It Starts: A Must-Read Guide for Safer Customer Communications
The Cybersecurity Playbook for Partners in Asia Pacific and Japan
The Cybersecurity Playbook for Partners in Asia Pacific and Japan
Pulseway Essential Eight Framework
Pulseway Essential Eight Framework
7 Best Practices For Implementing Human Risk Management
7 Best Practices For Implementing Human Risk Management
2025 State of Machine Identity Security Report
2025 State of Machine Identity Security Report

Events

techpartner.news MSP index - Brisbane
techpartner.news MSP index - Brisbane
techpartner.news Channel Leader List / Golf day
techpartner.news Channel Leader List / Golf day
techpartner.news Pipeline Conference 2025
techpartner.news Pipeline Conference 2025
Integrate Expo 2025
Integrate Expo 2025
Security Exhibition & Conference 2025
Security Exhibition & Conference 2025

Most read articles

AI ambition: Nick Beaugeard looks to harness AI agents to provide tech services

AI ambition: Nick Beaugeard looks to harness AI agents to provide tech services
Tech Research Asia to present Australian IT M&A report

Tech Research Asia to present Australian IT M&A report
MSPs pressed to review ransomware response as new reporting rules commence

MSPs pressed to review ransomware response as new reporting rules commence
Comms Group to spend $10m to buy TasmaNet business and assets

Comms Group to spend $10m to buy TasmaNet business and assets

Log in

Email:
Password:
  |  Forgot your password?