The best strategy to counter cybercrime lies not in technological security solutions but rather in well-trained individuals who understand security threats as well as their adversary’s mindset and can adapt to new attacks.
Like other security enthusiasts, we have been avidly following the latest Facebook attack, in which access tokens for 30 million users were stolen. Large-scale breaches from hacking naturally attract significant attention, despite being depressingly common. Aside from all the political and economic questions that are prompted when a data breach has the spotlight, the technical aspects are of central interest to security enthusiasts: what mistakes were made and cleverly exploited to successfully hack the organization? Here we explore and explain the known technical details of the hack that were promptly released by Facebook. We remark that detailed disclosures of this type demonstrate maturity and can be part of a strong cybersecurity strategy: the more companies share about their challenges and mistakes for others to avoid, the greater the payoff to everyone’s security through the proverbial golden rule.