Official statement of the Canadian Centre for Cyber Security - Facebook data breach

Last week, Facebook notified the public of a data breach affecting almost 50 million accounts. The breach, which took place on September 25, 2018, was the result of attackers exploiting a vulnerability VulnerabilityA flaw or weakness in the design or implementation of an information system or its environment that could be exploited to adversely affect an organization's assets or operations. in Facebook’s code.

Quotes

"The Canadian Centre for Cyber Security Cyber securityThe protection of digital information, as well as the integrity of the infrastructure housing and transmitting digital information. More specifically, cyber security includes the body of technologies, processes, practices and response and mitigation measures designed to protect networks, computers, programs and data from attack, damage or unauthorized access so as to ensure confidentiality, integrity and availability. is aware of the incident and is advising Canadians to read the latest advice Facebook has published."

“Based on current information, we understand that Facebook has fixed the flaw and temporarily disabled the ‘view as’ function.”

“Users should be aware of and guard GuardA gateway that is placed between two networks, computers, or other information systems that operate at different security levels. The guard mediates all information transfers between the two levels so that no sensitive information from the higher security level is disclosed to the lower level. It also protects the integrity of data on the higher level. against possible phishing PhishingAn attempt by a third party to solicit confidential information from an individual, group, or organization by mimicking or spoofing a specific, usually well-known brand, usually for financial gain. Phishers attempt to trick users into disclosing personal data, such as credit card numbers, online banking credentials, and other sensitive information, which they may then use to commit fraudulent acts. attacks, as any data accessed may be used to make phishing attempts more credible.”

Information and advice related to this incident

Key Contacts

  • For concerns related to these and other cyber security related issues please contact the Cyber Centre.
  • If a member of the public thinks they have been a victim of cyber crime or cyber-enabled fraud, they should contact the Canadian Anti-Fraud Centre.

Possible implications of a data breach

Anyone can be a target of phishing e-mails at any time. If your data has been breached, it may be used to make phishing attempts more credible. Phishing attempts may come through Facebook messaging or through email for Facebook users who shared their email addresses with friends.

How to detect phishing e-mails

While phishing e-mails can be hard to identify, there are a number of proactive ways to avoid falling prey to them and triggering a cyber-incident. Before opening attachments or links embedded within an e-mail, take the following steps:

  • Make sure you know the sender of an e-mail and that its tone is consistent with the sender.
  • Make sure that the Web address or attachment is relevant to the content of the e-mail.
  • Make sure that the sender’s e-mail address has a valid username and domain name. A suspicious e-mail address could be similar to the one below:
“John Doe <ohndoe.%nklo17er@gkmail.com>”.

Fraudulent phone calls

If your phone number was released in a data breach incident this may lead to an increase in fraudulent calls. If you receive a suspicious phone call, remember never give remote access to your computer in response to an unsolicited call.

For more information, please see Get Cyber Safe’s guidance on the following topics:

About the Cyber Centre

  • The Cyber Centre informs, communicates, and educates Canadians about cyber security issues by providing a clear, trusted, credible voice backed up by unique expertise and insight.  The Cyber Centre acts as the operational leader and government spokesperson during cyber security events and provides leadership on national cyber security issues.
  • The Cyber Centre is an outward-facing organization that welcomes industry partners for collaborative work on the toughest cyber security challenges Canada is facing.
Date modified: