FACEBOOK LOSES BID TO BLOCK LAWSUITS FROM USERS

FACEBOOK'S CASE:

Facebook told the court that they don't feel they should be held liable for the charge of failing to protect user information when their site was hacked on September 14, 2018.

Facebook lost to a US District Court Judge's decision on June 21, 2019

Facebook said that because no harm had been done to those Facebook users who already had their settings on PUBLIC (the setting where anyone can see their info) so therefore their private information was not so private and had not been stolen at all - it was freely provided. Facebook said that those users should not be included in the Class Action Lawsuit against them. If a judge agrees, this will eliminate several millions of users.

Facebook also claimed that there have been no reported incidents by users where hackers stole their financial info or passwords.

Facebook said that users who were not actually hacked should also be excluded from the Class Action Lawsuit. This will further eliminate many millions of more users

QUESTION FOR READERS:
Jeff Nelson, the guy in the picture below, truly is a hack waiting to happen because he is literally offering up his information (for free!) on a silver platter. If someone like Jeff exposes all their information, does that mean Facebook should be allowed to remove them from the class action lawsuit because their information was never private in the first place?

This guy is a hack waiting to happen

WTF???? How many people do you know have actually REPORTED TO FACEBOOK that they have been hacked?

Most people are too embarrassed to admit they have been hacked

Although more than half of Facebook's hacked users are too embarrassed to even talk about it much less report it to Facebook, and the other half of Facebook users typically write a Public status telling their friends and followers that they have been hacked.

Heads up! That status is NOT reporting it to Facebook. It is reporting it to your friends and followers!

When people don't report that they have been hacked, those statistics don't reach Facebook. An unreported hacking allows Facebook to continue to claim their site is safe.

THE JUDGE'S RESPONSE

On June 21, 2019, U.S. District Judge William Alsup disagreed with Facebook and said they should be held liable. He said that reasonable care was not taken in handling the personal information of 50 million or more Facebook users and that the breach also helps businesses who can profit by using the stolen data.

IN PLAIN LANGUAGE:

When Facebook was hacked on September 14, 2018, bad actors (hackers) were able to access the personal information of 50 million users -- such as their date of birth, phone numbers, location by IP address, names of trusted contacts, account recovery methods, private messages, and names of family member and the live links to their Facebook accounts.

You may remember that some of this information is what Facebook insists that they NEED should you get locked out of your account.

But, as you might have learned, Facebook really doesn't need all of it.

Facebook users volunteer too much information - freely. 

Facebook knew of the breach but didn't tell the public right away. They only got concerned when hackers stole each user's digital access tokens because the tokens allowed hackers to have unauthorized and unlimited access to Facebook accounts - which amounts to 'hacking without effort.'

ABOUT DIGITAL ACCESS TOKENS

When stolen digital access tokens are used by unauthorized people, the real Facebook owners are not aware of another person's presence on their account.

However, they can learn of it if they personally check "WHERE YOU ARE LOGGED IN" section to look for locations that are NOT their own.

When you see different locations, it is safe to assume you have an intruder

When the hacker is the only one on an account after your password has been cracked, the hacker then changes the password to his own.

Now the new password is recorded by the account's digital access token and your old information that was previously on the token is deleted because the new information overrides it.

This is why old passwords do not work.

When the real Facebook user tries to get back onto their account, the digital access token only remembers the last information that was keyed in as the true credentials to access the account.

The 'remember login' function remembers by using a digital access token

Although hacking a user password is still the number one way that hackers steal Facebook accounts, the digital access token is what allows the hacker to keep the account so the original owner never gets it back.

This digital access token is what works with the REMEMBER ME checkbox that Facebook offers to its users to be able to get onto their account by tapping a profile picture to login. The token has coding that remembers your login information so you don't have to manually type it in each time you want to login.

The digital access token also allows a user to STAY logged in over a period of days, weeks, or months without having to log in manually each day.

You will know this token is active when you see a list of "active sessions" of two or more logins showing dates older than today, and showing places where you are still logged in.

OUR TAKE ON THIS:

This is why we warn you NOT to log out by tapping the X at the top right of your Facebook screen.

The X does not log you out. It only closes your Facebook screen.

You should be tapping the down arrow at the top right of your Facebook screen, then select LOG OUT from the drop-down menu.

We also tell you not to allow a long list of login sessions to build up because these are open sessions that anyone can use to get onto your Facebook account.

Allowing a list of logins to remain in place is an invitation to a hacker

In short, an Open Session means your password or user name is NOT needed to get on your account. Any open session can be used because you are already signed in.

:::::SELF-TEST YOUR ACCOUNT:::::

After you turn on your device and get on the internet, if you can see your Facebook newsfeed or profile screen without typing in your user /password information -- then you NEVER LOGGED OUT CORRECTLY.

You are still logged in and have been all that time because of an Open Session.

The fix? Close the connection by going to - Settings>>>Security and Login>>>Where You Are Logged In - and tap END SESSION on each session.

Then log out of your account using the drop-down arrow and tapping the words LOG OUT. Don't login again yet.

First, change your password and then login to make a new connection. When you are done, use drop down arrow again and choose LOG OUT.

WOW!

In another case, Facebook is preparing to pay $5 billion to the Federal Trade Commission (FTC) that will pay off the US government to put aside Facebook's involvement of their owned app called What's App - and their knowledge of the app improperly sharing the personal information of millions of its users with Cambridge Analytica.

Does that seem fair that you can pay a fine and it wipes your record clean of wrongdoing?

You will remember that Cambridge Analytica is the company hired by Donald Trump presidential election campaign who used two separate third-party apps (What's App and nametests.com) to hack Facebook's vast database for a list of user names, addresses, phone numbers, work locations and their voting party in order to sway their votes away from Hilary Clinton so he could win the Presidency of the United States. Yet this has never been labeled as election tampering.

In a separate case, Cambridge Analytica is still being pursued by the Federal Trade Commission for its involvement in the illegal activities of being the entity who provided the Trump campaign with user data.

THE JUDGE'S RULING

The judge ruled that regardless of each user's Facebook account privacy settings, that the Class-Action lawsuits against Facebook will go forward and in a timely manner.

There are 11 class-action lawsuits which were consolidated into one case.

There is another case which includes ten complaints about a breach of contract, negligence, and violations of unfair competition law.

Judge Alsup also said user concerns are worth “real money,” rather than “some cosmetic injunctive relief” - referring to Facebook's solution of logging out, changing password, and logging back in again - which, he said, is not adequate compensation.

Sources:

https://www.wsj.com/articles/facebook-privacy-settlement-delayed-by-ftc-split-11558725423

https://thehackernews.com/2018/09/facebook-account-hack.html

https://www.cyberscoop.com/facebook-class-action-lawsuit-moves-forward/

Please share our posts with your friends so they can enjoy our websites too. Thank you.

WHAT TO DO IF YOU THINK YOU HAVE BEEN HACKED

 We have other tutorials on our site with step-by-step directions on how to remove a hacker from your account, how to regain your account if you lost it, and how to guard against being hacked.  

This tutorial addresses what you can do if you think someone else has been on your account (or still is).  

Before starting this tutorial, go to SETTINGS>>>WHERE YOU ARE LOGGED IN to make sure you are the only one on your Facebook account right now.  

If you see ANY location that is not you, click END SESSION or LOG OUT on all of them except the one you are using now.  

Then change your password.  If you get logged out, log in again with the new password. Then continue this tutorial.  



You need to have access to your Facebook account in order to perform Facebook's self-guided tutorial at this link. It is very easy to follow the directions.

https://www.facebook.com/hacked 

On the first screen, select the choice that is closest to your situation. 

Facebook offers help steps

Caution:  If you choose "I don't see the right option on this list" - Facebook will assume you have been hacked. You will immediately be redirected to this screen to secure your account. 

If you select any other choice on the above list, Facebook will hold your hand and walk you through the steps.  

If you think you ended up in the wrong place or if you change your mind and want to quit, click on your name on the blue Facebook bar at the top of your screen. This will stop the process and send you back to your regular Facebook desktop.  

It will not save any of your progress. 

If you want to try again, you will need to start from the beginning.


If you get logged out, log back in again.

If you are learning stuff from our blog, please tell your friends so they can come read our posts too.   Thank you.

FACEBOOK ACCOUNTS BREACHED April 3, 2019

At around 1pm EST on Wednesday, April 3, 2019, the people at Facebook who are supposed to make sure your data is safe - yeah, that Facebook - they have, once again, blown it.

Bloomberg news service reports that UpGuard, a cybersecurity firm, discovered today that millions of Facebook users records were uploaded to Amazon's cloud servers. 

Why is this news?  Because Amazon's servers have no password and they are 100% totally accessible to the public.

This is not Facebook's first rodeo when it comes to breaches. Three months ago in December 2018, Facebook users saw their photos were breached by third-party developers and databases where every developer had access to private user photos. 

This time, a Mexican business, Cultura Colectiva, was found to be openly storing 540 million sensitive Facebook records including ID numbers, passwords, comments, reactions, and account names.   

The discovery shows that Facebook still hasn’t done enough to protect private user data.

Also, another Amazon server was found with names, passwords, and email addresses for some 22,000 people, associated with a now defunct app called "At the Pool." UpGuard said that it didn't know how long that data had been exposed.

These developers and companies have free access because they have data-sharing deals with Apple, Amazon, Microsoft, and Sony, plus people being able to look up strangers based on phone numbers submitted for two-factor authentication. 

How many times have you looked up a phone number or address for someone using whitepages dot com or Spokeo or similar info sites?  The data has to be uploaded somewhere, stored somewhere and kept available so that when YOU do a search for the information, you get it.

So why isn't that information being safeguarded or password protected?

Because no one would be able to freely upload data to add to records, correct information and update records with new data - like a marriage, birth or death, change of address and change of phone number.

Amazon's cloud is freely accessible to upload, download and view - all without any restrictions.

By far the biggest breach was Cambridge Analytica, which has attracted investigations by the U.S. and U.K. over voter data collected without most users' consent. In late March 2019, Facebook was found to be keeping "hundreds of millions" of unencrypted passwords on internal servers.

Facebook could potentially end up paying billions in U.S. fines as a result of these breaches. 

You can finish reading the article here:

https://www.bloomberg.com/news/articles/2019-04-03/millions-of-facebook-records-found-on-amazon-cloud-servers

and here:

https://sanfrancisco.cbslocal.com/2019/04/03/facebook-data-breach-records-exposed-amazon-cloud-servers/

  

YOUR PROFILE PICTURE AND YOU

TO HAVE OR HAVE NOT 

In the case of a profile picture, it is better to have one than to not have one.

NEGATIVES

• By not having one, your account has the same silhouette that a deactivated account displays. You could be mistaken for one of them so that when people are cleaning their friends list of dead accounts, yours will be deleted too.

• By not having one, you are telling search engines that you are not a real person, you are a robot.

• By not having one, you will not be taken seriously when you post something important.

• By not having one, there are certain Facebook groups who won't approve your request to join until you put one in the spot.

• By not having one, you are telling a Hacker that you don't know how to put up a profile picture. He'll assume that if your skills are lacking there, that they are lacking everywhere and assume that your account is not very secure.   

POSITIVES

• By having one, you are giving your friends and prospective friends something and someone to relate to. 

• By having one, you are more likely to have your friend requests accepted right away.

• By having one, you are giving your public a little insight into who you are.

• By having one, a Hacker will not notice you as much as he would if you didn't have a picture in place.

• By having one, you are more likely to be accepted into groups you want to join.

• By having one, you will never be mistaken for a deactivated account so that you're deleted in error.  Deactivated accounts have no profile picture because there's no one home on the account.

USING PICTURES OF PETS AND KIDS

Since we use social media to connect with other people, your profile and your profile picture are supposed to tell something about YOU, not your kids, and not your pets. Those precious babies may be your whole world, but they aren't YOU. 



When you use a picture of your pets or your kids as your profile picture, it doesn't give any insight about YOU.  You can mention you have pets and kids in your bio, notes and photo albums if you want to show them off, but the last place they belong is as a profile picture.



Your profile picture topic should be about something that is your main focus.  It is one of the few places on Facebook that can give advance information about you to people who are not yet your friends.




A game profile picture has become acceptable on Facebook because of the amount of friending that goes on for games.  It's hard to say what Facebook is more well known for - games, groups, or making friends.  While having a game profile picture is advantageous from the games aspect, for the non-gamers that you want to friend, a gamer profile picture will only serve to tell them that you are primarily a gamer and that the games are your main focus.



EXPERIMENT 
Put up a game icon as a profile picture and leave it in place for a month. What you are looking for is to see if it attracts the types of friends you are looking for - gamers. At the end of a month, change it to something which is exactly opposite from what you had in place.  Note if there is any difference between the two types of friend requests you received.




CHANGING YOUR PROFILE PICTURE AND/OR COVER PICTURE

For some reason, changing your profile picture gets Facebook's attention and if you do it too often, they suspect your account is exhibiting unusual behavior (possibly hacked). This can cause them to suspend some of your privileges or completely lock you out of your Facebook account for 24 hours or more.


Changing your profile picture also causes a Facebook glitch and that glitch is that your settings are totally bare for as long as it takes you to change your profile picture. We've known users who start to do it, then go make dinner, or put their kids to bed and left it wide open for up to 4 hours. When they came back to their computer, they found themselves locked out of their account because it was hacked.



Most hacked Facebook users don't believe it until it happens to them.  Experienced hackers will scope out a specific account that sent up a red flag in one way (possibly by sharing pictures or links) and they'll watch for the precise time when the user changes their profile or cover picture. If they never change their profile or cover picture, the hacker is content to sit until the user has shared a few more websites to their timeline. In our experience, twelve is the magic number. 



Hackers take advantage of that glitch which can last as long as five minutes. It only takes 60 seconds to hack a Facebook account -- less if he is a pro and more if he is a novice. 


Cally and John have been working in account recovery since 2007 and in nearly every case they've helped, on each hacked account either the user has made frequent profile picture changes or the user has been over-sharing links, pictures and websites to their timeline.     


The glitch could also happen when you add new videos and pictures to your albums or when you add information to your account like names of relatives (with or without live links) or change your phone number or email address.  


Whenever you are doing maintenance on your account, you are making changes. During that maintenance time, Facebook expects the user to review their settings.  The problem is that Facebook doesn't prompt the user to do an actual review.   





WHAT INFO ACTUALLY CHANGES?

Usually the privacy on the friends list will change from ONLY ME to FRIENDS or from FRIENDS to PUBLIC.  But not always. 


Sometimes a detail of personal information that is on your account - i.e. phone number, email address, etc - will change from ONLY ME to FRIENDS or PUBLIC.  No one will notice that it happened unless they are checking you out for a friend request or someone is just being nosy.


 
Almost everyone who has ever been hacked has changed their profile or cover picture in the 7 days before they were hacked OR they have an over-abundance of "shares" on their timeline for different websites and Facebook Pages.  Hackers know that's when the user's settings have changed and they take advantage of that window of time to hack.


Every time you make a change on  your Facebook account, do a mini-security check to see that your privacy on each section has not been changed.

Once a month, write it on your personal calendar to check your settings to make sure they are the way you want them.

Please use this button to share our post with your Facebook friends so they can enjoy our websites too. Thanks!


Click to share