Hackers take control of Aussie singer’s Facebook page as high-profile accounts targeted – 9News

It started with an innocuous email – one that Cassidy Anderson was tempted to ignore.

The Australian singer and performer, who is best known in Malaysia for her work under the stage name Cassidy La Creme, saw a notification from Facebook on Sunday saying someone had tried to log in to her account from a new device.

“I was going to dismiss it and then I thought no, I haven’t signed in from anywhere new,” she said.

Hackers targeted Cassidy Anderson’s fan page because it has a large number of followers. (Facebook: Cassidy Anderson)

The location of the rogue sign-in was in California, further raising Ms Anderson’s suspicions.

She responded to Facebook, reporting that it was not her who had logged in to her Facebook page.

Hackers had already infiltrated her account, changing the date-of-birth and email address linked to her page.

Locked out, Ms Anderson watched as her profile name was bizarrely changed to “Mumbai Davil”.

A screenshot taken by Ms Anderson as she was trying to get back in to her hacked account. (Facebook: Cassidy Anderson)

Having gained control of Ms Anderson’s personal Facebook page, the hackers moved on to her Facebook fansite, which has 183,000 followers.

They flooded the page with viral videos.

With no way to access her business page, Ms Anderson could only watch as the hackers posted a steady stream of random clips showing animals, babies and clever tricks over the space of days.

Ms Anderson didn’t know it, but she had fallen victim to a popular type of Facebook hack, which specifically targets users with a large number of followers.

“These hacks are far too common,” technology and cyber-security expert Trevor Long said.

“The hackers are using high-profile pages to host content that attracts high engagement.

“They are then able to leverage that engagement to ‘boost’ or push out other posts, potentially scams themselves, to capture the personal information of victims.”

Ms Anderson said she had worked for 10 years to build up the followers on her Facebook page. (Facebook: Cassidy Anderson)

Ms Anderson said losing her Facebook fan page to hackers was “absolutely heartbreaking”.

“That page is everything to me. It’s my biggest platform and how people find me,” she said.

“I have got a decent following across everything but Facebook I’ve been working on for 10 years.”

Ms Anderson said she was also afraid to think of the personal information she might have shared in direct messages, such as her home address in Victoria.

She also needed to take steps to change her PayPal account and notify her bank.

“It’s very violating,” she said.

“It’s similar to having your house robbed. You are running around your house thinking what is missing.”

Ms Anderson, who sings in Malay, has been referred to as the Marilyn Monroe of Malaysia. (Facebook: Cassidy Anderson)

Getting in touch with Facebook’s customer service team to try to get her account back had also been frustrating, Ms Anderson said.

With an intimate knowledge of Facebook’s processes, the hackers always seemed one step ahead, for example, removing her profile image so she could not use a photo to identify herself.

“I have had no success in contacting Facebook or finding a way to reach them directly,” Ms Anderson said.

“You would think for people like myself, who monetise our Facebook views, we would have some kind of contact link given to us by Facebook so we can get in touch with them when our business has been compromised.”

While it might not work in all cases, there were some steps people could take to protect their accounts from hackers, Mr Long said.

“The sad thing is, for many there’s nothing you can do after the fact,” he said.

“It’s all about protecting your page while you have it.

“To do this, it’s critical your personal Facebook profile is protected by two-factor authentication. This makes it harder to hack your account, and thus access your page.

“Secondly, add other trusted users to your page. So, if you are hacked, those other users can recover access and hopefully kick the hackers out.

“Facebook is a full-time job, hackers don’t make it any easier for businesses.”

Nine.com.au has contacted Facebook for comment.

A spokesperson has confirmed they are investigating Ms Anderson’s case.

Contact reporter Emily McPherson at emcpherson@nine.com.au.

Updates to Section 7 of the Developer Policies – Facebook Gaming Policies

We have updated Section 7 of the Developer Policies effective immediately. No change is required from the developers’ end, only awareness about these changes.

As part of our continuous focus on improving developers’ experience, we have made some updates to Section 7 of the Developer Policies, which covers all Facebook Gaming Products, such as Web Games on Facebook.com, Instant Games and Cloud Games. As part of this update we have removed outdated policies, and streamlined the language and structure of Section 7 to better reflect the existing state of our Facebook Gaming Products. We have also reorganized some policies under the Quality Guidelines. These updates do not introduce any product change, nor do they include any new requirements for developers.

Please review the updated Section 7 to familiarize yourself with the updated content structure.

First seen at developers.facebook.com

Creating Apps with App Use Cases

To make it easier for developers to create and customize their apps, we are announcing the rollout of an updated app creation process that uses App Use Cases instead of the former product-focused process. App Use Cases will enable developers to quickly create apps by selecting the use case that best represents their reason for creating an app.

Currently, the product-focused app creation process requires developers to select an app type and individually request permission to API endpoints. After listening to feedback from developers saying this process was, at times, confusing and difficult to navigate, we’re moving to an approach based on App Use Cases. With App Use Cases, user permissions and features will be bundled with each use case so developers can now confidently select the right data access for their needs. This change sets developers up for success to create their app and navigate app review, ensuring they only get the exact data access they need to accomplish their goals.

Starting today Facebook Login will be the first use case to become available to developers. This will be the first of many use cases that will be built into the app creation process that will roll out continually in 2023. For more information please reference our Facebook Login documentation.

First seen at developers.facebook.com

Understanding Authorization Tokens and Access for the WhatsApp Business Platform

The WhatsApp Business Platform makes it easy to send WhatsApp messages to your customers and automate replies. Here, we’ll explore authentication using the Cloud API, hosted by Meta.

We’ll start with generating and using a temporary access token and then replace it with a permanent access token. This tutorial assumes you’re building a server-side application and won’t need additional steps to keep your WhatsApp application secrets securely stored.

Managing Access and Authorization Tokens

First, let’s review how to manage authorization tokens and safely access the API.

Prerequisites

Start by making sure you have a developer account on Meta for Developers. You’ll also need WhatsApp installed on a mobile device to send test messages to.

Creating an App

Before you can authenticate, you’ll need an application to authenticate you.

Once you’re signed in, you see the Meta for Developers App Dashboard. Click Create App to get started.

Next, you’ll need to choose an app type. Choose Business.

After that, enter a display name for your application. If you have a business account to link to your app, select it. If not, don’t worry. The Meta for Developers platform creates a test business account you can use to experiment with the API. When done, click Create App.

Then, you’ll need to add products to your app. Scroll down until you see WhatsApp and click the Set up button.

Finally, choose an existing Meta Business Account or ask the platform to create a new one and click Continue.

And with that, your app is created and ready to use. You’re automatically directed to the app’s dashboard.

Note that you have a temporary access token. For security reasons, the token expires in less than 24 hours. However, you can use it for now to test accessing the API. Later, we’ll cover how to generate a permanent access token that your server applications can use. Also, note your app’s phone number ID because you’ll need it soon.

Click the dropdown under the To field, and then click Manage phone number list.

In the popup that appears, enter the phone number of a WhatsApp account to send test messages to.

Then, scroll further down the dashboard page and you’ll see an example curl call that looks similar to this:

curl -i -X POST 'https://graph.facebook.com/v13.0/<PHONE_NUMBER_ID>/messages' \
  -H 'Authorization: Bearer <ACCESS_TOKEN>' \
  -H 'Content-Type: application/json' \
  -d '{ "messaging_product": "whatsapp", "to": "<RECIPIENT_PHONE_NUMBER>", "type": "template", "template": { "name": "hello_world", "language": { "code": "en_US" } } }'

Note that the Meta for Developers platform inserts your app’s phone number ID and access token in place of the placeholders shown above. If you have curl installed, paste the command into your terminal and run it. You should receive a “hello world” message in WhatsApp on your test device.

If you’d prefer, you can convert the curl request into an HTTP request in your programming language by simply creating a POST request that sets the Authorization and Content-Type headers as shown above, including the JSON payload in the request body.

Since this post is about authentication, let’s focus on that. Notice that you’ve included your app’s access token in the Authorization header. For any request to the API, you must set the Authorization header to Bearer followed by your access token.

Remember that you must use your token instead of the placeholder. Using bearer tokens will be familiar if you’ve worked with JWT or OAuth2 tokens before. If you’ve never seen one before, a bearer token is essentially a random secret string that you, as the bearer of the token, can present to an API to prove you’re allowed to access it.

Failure to include this header causes the API to return a 401 Unauthorized response code.

Creating a Permanent Access Token

Knowing that you need to use a bearer token in the Authorization header of an HTTP request is helpful, but it’s not enough. The only access token you’ve seen so far is temporary. Chances are that you want your app to access the API for more than 24 hours, so you need to generate a longer-lasting access token.

Fortunately, the Meta for Developers platform makes this easy. All you need to do is add a System User to your business account to obtain an access token you can use to continue accessing the API. To create a system user, do the following:

  • Go to Business Settings.
  • Select the business account your app is associated with.
  • Below Users, click System Users.
  • Click Add.
  • Name the system user, choose Admin as the user role, and click Create System User.
  • Select the whatsapp_business_messaging permission.
  • Click Generate New Token.
  • Copy and save your token.

Your access token is a random string of letters and numbers. Now, try re-running the earlier request using the token you just created instead of the temporary one:

curl -i -X POST 'https://graph.facebook.com/v13.0/<PHONE_NUMBER_ID>/messages' \
  -H 'Authorization: Bearer <ACCESS_TOKEN>' \
  -H 'Content-Type: application/json' \
  -d '{ "messaging_product": "whatsapp", "to": "<RECIPIENT_PHONE_NUMBER>", "type": "template", "template": { "name": "hello_world", "language": { "code": "en_US" } } }'

Your test device should receive a second hello message sent via the API.

Best Practices for Managing Access Tokens

It’s important to remember that you should never embed an App Access Token in a mobile or desktop application. These tokens are only for use in server-side applications that communicate with the API. Safeguard them the same way you would any other application secrets, like your database credentials, as anyone with your token has access to the API as your business.

If your application runs on a cloud services provider like AWS, Azure, GCP, or others, those platforms have tools to securely store app secrets. Alternatively there are freely-available secret stores like Vault or Conjur. While any of these options may work for you, it’s important to evaluate your options and choose what works best for your setup. At the very least, consider storing access tokens in environment variables and not in a database or a file where they’re easy to find during a data breach.
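
The curl call from earlier, converted to a server-side HTTP request that takes its token from an environment variable and masks it before anything is logged. This is an added example, not code from Meta or from the original post; the variable name WHATSAPP_ACCESS_TOKEN, the function names and the sample phone number ID and recipient are assumptions constructed for illustration.

```python
import json
import os
import urllib.error
import urllib.request

# API version taken from the curl call on this page.
GRAPH_URL = "https://graph.facebook.com/v13.0/{phone_number_id}/messages"

def load_token(env=os.environ, var="WHATSAPP_ACCESS_TOKEN"):
    """Read the token from the environment; the variable name is an assumption."""
    token = env.get(var, "").strip()
    if not token:
        raise RuntimeError(f"{var} is not set; refusing to send without a token")
    return token

def build_message_request(phone_number_id, to, token):
    """Build the same POST as the curl call, without sending it."""
    payload = {
        "messaging_product": "whatsapp",
        "to": to,
        "type": "template",
        "template": {"name": "hello_world", "language": {"code": "en_US"}},
    }
    return urllib.request.Request(
        GRAPH_URL.format(phone_number_id=phone_number_id),
        data=json.dumps(payload).encode("utf-8"),
        headers={"Authorization": f"Bearer {token}", "Content-Type": "application/json"},
        method="POST",
    )

def redacted_headers(request):
    """Headers that are safe to log: the bearer token is masked."""
    return {name: ("Bearer ***" if name.lower() == "authorization" else value)
            for name, value in request.header_items()}

def send(request):
    """Send the request and surface the 401 case the article describes."""
    try:
        with urllib.request.urlopen(request, timeout=10) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code == 401:
            raise PermissionError("401 Unauthorized: check the access token") from err
        raise

if __name__ == "__main__":
    sample_env = {"WHATSAPP_ACCESS_TOKEN": "constructed-token"}  # constructed, not a real token
    req = build_message_request("100000000000000", "15550100", load_token(sample_env))
    print(req.get_method(), req.full_url, redacted_headers(req))  # built and printed, not sent
```

Running the file only builds and prints the request; call send(req) from your server code once a real token is present in the environment.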

Conclusion

In this post, you learned how to create a Meta for Developers app that leverages the WhatsApp Business Platform. You now know how the Cloud API’s bearer access tokens work, how to send an access token using an HTTP authorization header, and what happens if you send an invalid access token. You also understand the importance of keeping your access tokens safe since an access token allows an application to access a business’ WhatsApp messaging capabilities.

If you’re considering building an app for your business to manage WhatsApp messaging, why not try the Cloud API, hosted by Meta? Now that you know how to obtain and use access tokens, you can use them to access any endpoint in the API.

First seen at developers.facebook.com
