Gavin Sheridan @gavinsblog, 9 tweets, 2 min read
Just thinking about the Facebook hack again. Short thread I promise.
This is speculation and scenario speculation. But imagine for a moment it's a sophisticated attacker (which it might well be), and they have a purpose in mind.
First, build a target list of Facebook IDs you want to pwn. Let's say the top 2,000 people in the world whose accounts you want to compromise and see/exfiltrate their private Facebook messages, activity etc. We already know Zuck and Sheryl were compromised.
So let's apply Dunbar's number for the average of 150 friends of those 2,000 people. Run your exploit over those accounts too, because a) you want to access messages where people discuss your 2,000 targets and b) they are likely interesting people too, because your seed list is
This gets you to ~300,000 compromised accounts. Next, go one more remove out from those 300,000, i.e. friends of friends of the 2,000 target accounts. 300,000 * 150 = 45,000,000 accounts.
Next, compromise the SSO/auths of the first 2,000, then the 300,000, then the 45,000,000. Do it slowly and iteratively so as not to raise suspicions on activity. You're still doing just a couple of degrees from your target 2,000.
In principle (and we don't yet know) you could get access to most third-party services, e.g. Tinder messages of those accounts if they used FB SSO. FB messages might be harder to pull out, since they are quantitatively "bigger", but you could imagine the first degree being attempted.
Once done, store all that data. Use it for purposes yet unknown; the possible chaos and division that could be sowed by simply publishing data of that nature would be enormous. Again, these are scenarios (worst case).
So if you think things could get bad, you'd be right. But we don't know yet where on the spectrum of bad this hack is.
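The thread's "2,000 × 150 × 150" figures are a multiplicative estimate; on a real social graph the friends of your targets overlap heavily, so the reachable set grows more slowly than that. The following is an added example, not code from the thread or from Facebook: a breadth-first expansion of a seed list out to N hops over a constructed toy friendship graph, compared against the naive product. All graph data, account names and function names below are made up for illustration.

```python
from collections import deque

# Constructed toy friendship graph (undirected, stored as adjacency lists).
# T0 and T1 are the "targets"; C is a friend they share, F and G are
# friends-of-friends reachable from more than one first-degree account.
SAMPLE_GRAPH = {
    "T0": ["A", "B", "C"],
    "T1": ["C", "D", "E"],
    "A": ["T0", "B", "F"],
    "B": ["T0", "A", "F"],
    "C": ["T0", "T1", "G"],
    "D": ["T1", "G"],
    "E": ["T1", "H"],
    "F": ["A", "B"],
    "G": ["C", "D"],
    "H": ["E"],
}
SEEDS = ["T0", "T1"]


def reachable_within(graph, seeds, hops):
    """Accounts within `hops` friendship hops of any seed (seeds included).

    Plain BFS with a visited set, so an account that is a friend of several
    seeds (or several first-degree friends) is counted exactly once.
    """
    seen = set(seeds)
    frontier = deque((s, 0) for s in seeds)
    while frontier:
        node, depth = frontier.popleft()
        if depth == hops:
            continue  # do not expand past the requested degree
        for neighbour in graph.get(node, ()):
            if neighbour not in seen:
                seen.add(neighbour)
                frontier.append((neighbour, depth + 1))
    return seen


def naive_estimate(num_targets, avg_friends, hops):
    """The thread's back-of-envelope figure: targets * avg_friends ** hops."""
    return num_targets * avg_friends ** hops


def expansion_report(graph, seeds, avg_friends, max_hops):
    """Per hop: (naive product, actual new accounts beyond the seeds)."""
    report = {}
    for hops in range(1, max_hops + 1):
        actual = len(reachable_within(graph, seeds, hops)) - len(seeds)
        report[hops] = (naive_estimate(len(seeds), avg_friends, hops), actual)
    return report


if __name__ == "__main__":
    # With 2 seeds averaging 3 friends each, the product says 6 then 18,
    # but overlap means only 5 then 8 distinct accounts are actually reached.
    for hops, (naive, actual) in expansion_report(SAMPLE_GRAPH, SEEDS, 3, 2).items():
        print(f"{hops} hop(s): naive={naive} actual={actual}")
    print("thread's 2-hop figure:", naive_estimate(2000, 150, 2))
```

The naive product is an upper bound; the gap between it and the BFS count is exactly the overlap in the targets' social circles, which in a real tight-knit seed list (politicians, executives, journalists) is large. It also shows why an attacker "doing it slowly" at two degrees is still a bounded, enumerable set rather than the whole user base.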