Example blog

Do you use Gmail to connect to Facebook? You risk being hacked

You probably know someone whose Facebook account has been hacked. You’d think a company as big and powerful as Meta would be better at preventing this sort of thing, but it’s all too common.

Hackers hijack social media accounts to spread malware, steal personal and financial information, and spread lies. And the problem is, you might not even know your account has been compromised until it’s too late.

A hacker who gains access to one of your accounts can use it to cause damage elsewhere. That’s why we recommend using unique IDs with strong passwords for all your accounts. A security researcher was able to hijack the Facebook accounts of users who log in with their Gmail credentials.

Here is the backstory

Do you log in to your Facebook account with Gmail? We’ve warned you about using the same account for multiple logins, and here’s a great example of why you shouldn’t.

Security researcher Youssef Sammouda showed that a malicious actor could hijack a Facebook account after stealing a Gmail OAuth ID/code used to log in to Facebook.

OAuth is a common authentication framework that allows you to grant limited access from one application to another. You see it when you use your Facebook or Gmail account to log in to other accounts. You get access to the other account without giving it your login credentials.

Sammouda was able to string together several bugs using Google OAuth to exploit a series of Facebook vulnerabilities. “We log the user out of their Facebook account, we force log into the attacker’s Facebook account,” Sammouda told The Daily Swig.

Sammouda reported the bugs to Meta on February 16, and the company fixed the issue on March 21. Meta paid Sammouda a bug bounty of $44,625 for his work.
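
The step Sammouda describes, where a browser ends up signed in to a session it did not start, is the kind of mix-up OAuth's `state` parameter lets the site accepting the login detect. The Python below is an added example, not code from this article or from Meta, and it is not the fix Meta shipped (the article does not detail the individual bugs); the URLs, client ID and function names are hypothetical.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Hypothetical identity provider and app values, for illustration only.
AUTHORIZE_URL = "https://idp.example/authorize"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://app.example/oauth/callback"


def begin_login(session: dict) -> str:
    """Start a login: mint a one-time state value and bind it to this browser session."""
    state = secrets.token_urlsafe(32)
    session["oauth_state"] = state
    query = urlencode({"response_type": "code", "client_id": CLIENT_ID,
                       "redirect_uri": REDIRECT_URI, "state": state})
    return f"{AUTHORIZE_URL}?{query}"


def handle_callback(session: dict, callback_url: str) -> str:
    """Return the authorization code only if this session started the login."""
    params = parse_qs(urlparse(callback_url).query)
    expected = session.pop("oauth_state", None)  # single use: consumed on every attempt
    received = params.get("state", [""])[0]
    if expected is None or not hmac.compare_digest(expected.encode(), received.encode()):
        raise PermissionError("state mismatch: callback was not started by this session")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one authorization code")
    return codes[0]  # next step (not shown): exchange the code at the token endpoint


def demo() -> dict:
    """Constructed scenario: one legitimate callback, one forged, one replayed."""
    results, victim = {}, {}
    state = parse_qs(urlparse(begin_login(victim)).query)["state"][0]
    good = f"{REDIRECT_URI}?{urlencode({'code': 'victim-code', 'state': state})}"
    results["legitimate"] = handle_callback(victim, good)
    # A callback carrying another account's code, delivered to a session that never asked for it.
    other = {}
    begin_login(other)
    forged = f"{REDIRECT_URI}?{urlencode({'code': 'attacker-code', 'state': 'guessed'})}"
    for name, sess, url in (("forged", other, forged), ("replayed", victim, good)):
        try:
            results[name] = handle_callback(sess, url)
        except PermissionError:
            results[name] = "rejected"
    return results
```
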


Reduce your chances of being hacked

Use unique usernames and passwords for your accounts. It might sound like a pain, but password managers simplify the process by generating and storing login credentials for all your devices and accounts.

Password managers can be installed as software or accessed through a website, browser extension, or the cloud.

Make sure your login email address/phone number and password are stored securely. Set up a recovery email address or phone number in case your account is compromised.

To add a second email address to your Facebook account on PC:

  • Click the down arrow in the upper right corner.
  • Go to Settings and Privacy > Settings.
  • Select Account settings in the left pane and click Edit next to Contact.
  • Select Add another email address or mobile number.
  • Enter an email address or phone number that you have access to and click Do.
  • Tap Add your phone number? to add and confirm a number.

To add a second email address to your Facebook account on iPhone/Android:

  • Open the Facebook app and tap the gear icon in the upper right corner.
  • Tap Personal information, then Contact information.
  • Tap Add a phone number or Add an email address and enter the information, then confirm.

Follow these rules to up your cybersecurity game on all your accounts:

  • Use two-factor authentication (2FA) when available for better security.
  • Keep your operating systems, apps, and devices updated with the latest official software and patches.
  • Always have a trusted antivirus program updated and running on all your devices.
