Facebook users are being duped into thinking that their accounts have been cloned thanks to a viral message that made the rounds of the social networking site on Sunday.

The message says that the sender has received a duplicate friend request from the recipient. Then, it tells the receiver to forward the same message to their friends. Many have apparently taken that to mean that they should forward the same message to all of their friends, prompting dozens or even hundreds of others to believe that there may be a problem with their accounts as well.

The message hints that the receiver may have been the victim of a cloning scam. That’s where a malicious user copies images and information from a person’s Facebook account in order to create a duplicate “clone” account, then sends out friend requests to the victim’s friends. The duplicate user may message these friends in an attempt to learn personal information about the cloned user or to spread scam messages.

There appears to be no reason at this time to forward a message telling friends that their account may have been cloned without having actually received a duplicate friend request.

So what should you do if you receive one of these hoax messages? Nothing. Delete the message and move on.

If you are worried you might be the victim of Facebook cloning, try searching for other versions of your account and report duplicate profiles to Facebook.

A media report today revealed details of a significant supply chain attack which appears to be one of the largest corporate espionage and hardware hacking programs from a nation-state.

According to a lengthy report published today by Bloomberg, a tiny surveillance chip, not much bigger than a grain of rice, has been found hidden in the servers used by nearly 30 American companies, including Apple and Amazon.

The malicious chips, which were not part of the original server motherboards designed by the U.S-based company Super Micro, had been inserted during the manufacturing process in China.

The report, based on a 3-year-long top-secret investigation in the United States, claims that the Chinese government-affiliated groups managed to infiltrate the supply chain to install tiny surveillance chips to motherboards which ended up in servers deployed by U.S. military, U.S. intelligence agencies, and many U.S. companies like Apple and Amazon.

"Apple made its discovery of suspicious chips inside Supermicro servers around May 2015, after detecting odd network activity and firmware problems, according to a person familiar with the timeline," the report said.

"Since the implants were small, the amount of code they contained was small as well. But they were capable of doing two very important things: telling the device to communicate with one of several anonymous computers elsewhere on the internet that were loaded with more complex code; and preparing the device’s operating system to accept this new code."

The chips suspected to have been added to help Chinese government spy on American companies and their users—basically a "hardware hack" that according to the publication is "more difficult to pull off and potentially more devastating, promising the kind of long-term, stealth access that spy agencies are willing to invest millions of dollars and many years to get."

Apple, Amazon, and Super Micro Refute the Bloomberg Report

Apple told Bloomberg that the company has never found malicious chips, "hardware manipulations," or vulnerabilities purposely planted in any of its servers, or it "had any contact with the FBI or any other agency about such an incident."

Apple ended its relationship with Super Micro in 2016. To its best guess, Apple said that the Bloomberg reporters confused their story with a previously-reported 2016 incident in which the company found an infected driver on a single Super Micro server in one of its labs.

Amazon also says it is "untrue" that the company knew of "a supply chain compromise," or "servers containing malicious chips or modifications in data centers based in China," or that it "worked with the FBI to investigate or provide data about malicious hardware."

Meanwhile, Supermicro and Chinese Ministry of Foreign Affairs have also strongly denied Bloomberg's findings by releasing lengthy statements. Here you can find a full list of official statements from Amazon, Apple, Supermicro and Chinese Ministry of Foreign Affairs.

Jose Rodriguez, an iPhone enthusiast, has discovered a passcode bypass vulnerability in Apple’s new iOS version 12 that potentially allows an attacker to access photos and contacts, including phone numbers and emails, on a locked iPhone XS and other recent iPhone models.

Rodriguez, who also discovered iPhone lock screen hacks in the past, has posted two videos (in Spanish) on his YouTube channel under the account name Videosdebarraquito demonstrating a complicated 37-step iPhone passcode bypass process.

The iPhone authorization screen bypass flaw works on the latest iPhones, including the iPhone XS, running Apple's latest iOS 12 beta and iOS 12 operating systems.

Video Demonstrations: Here's How to Bypass iPhone Passcode

As you can watch in the video demonstrations, the iPhone hack works provided the attacker has physical access to the targeted iPhone that has Siri enabled and Face ID either disabled or physically covered.

Once these requirements are satisfied, the attacker can begin the complicated 37-step iPhone passcode bypass process by tricking Siri and iOS accessibility feature called VoiceOver to sidestep the iPhone's passcode.

This iPhone passcode bypass method potentially allows the attacker to access the contacts stored in the iPhone, including phone numbers and email addresses, and to access Camera Roll and other photo folders, by selecting a contact to edit and change its image.

Though Apple has some built-in security measures to prevent this from happening, Rodriguez found a way to bypass those security barriers, as you can see in the video.

Here's how to Fix the iPhone Passcode Bypass Bug

The passcode bypass methods work on all iPhones including the latest iPhone XS lineup, but the company does not appear to have patched the vulnerabilities in the latest iOS 12.1 beta.

Until Apple comes up with a fix, you can temporarily fix the issue by just disabling Siri from the lockscreen. Here's how to disable Siri:

• Go to the Settings → Face ID & Passcode (Touch ID & Passcode on iPhones with Touch ID) and Disable Siri toggle under "Allow access when locked."

Of course, disabling Siri would cripple your iOS 12 experience, but would prevent attackers from abusing the feature and breaking into your iPhone.

Meanwhile, just wait for Apple to issue a software update to address the issue as soon as possible.

Facebook said today some 90 million of its users may get forcibly logged out of their accounts after the company fixed a rather glaring security vulnerability in its Web site that may have let attackers hijack user profiles.

In a short blog post published this afternoon, Facebook said hackers have been exploiting a vulnerability in Facebook’s site code that impacted a feature called “View As,” which lets users see how their profile appears to other people.

“This allowed them to steal Facebook access tokens which they could then use to take over people’s accounts,” Facebook wrote. “Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app.”

Facebook said it was removing the insecure “View As” feature, and resetting the access tokens of 50 million accounts that the company said it knows were affected, as well as the tokens for another 40 million users that may have been impacted over the past year.

The company said it was just beginning its investigation, and that it doesn’t yet know some basic facts about the incident, such as whether these accounts were misused, if any private information was accessed, or who might be responsible for these attacks.

“We have invalidated data access for third-party apps for the affected individuals,” the spokesperson said, referring to the 90 million account that were forcibly logged out today and presented with a notification about the incident at the top of their feed.

Free credit freezes

Security freezes, also known as credit freezes, restrict access to your credit file, making it harder for identity thieves to open new accounts in your name. Starting September 21, 2018, you can freeze and unfreeze your credit file for free. You also can get a free freeze for your children who are under 16. And if you are someone’s guardian, conservator or have a valid power of attorney, you can get a free freeze for that person, too.

How will these freezes work? Contact all three of the nationwide credit reporting agencies – Equifax, Experian, and TransUnion. If you request a freeze online or by phone, the agency must place the freeze within one business day. If you request a lift of the freeze, the agency must lift it within one hour. If you make your request by mail, the agency must place or lift the freeze within three business days after it gets your request. You also can lift the freeze temporarily without a fee.

Don’t confuse freezes with locks. They work in a similar way, but locks may have monthly fees. If you want a free freeze guaranteed by federal law, then opt for a freeze, not a lock.

Year-long fraud alerts

A fraud alert tells businesses that check your credit that they should check with you before opening a new account. Starting September 21, 2018, when you place a fraud alert, it will last one year, instead of 90 days. Fraud alerts will still be free and identity theft victims can still get an extended fraud alert for seven years.

How to freeze your accounts

To file a freeze, consumers must contact each of the three major credit bureaus online, by phone or by mail. Here’s the updated contact information for the big three:

Online: Equifax Freeze Page
By phone: 800-685-1111
By Mail: Equifax Security Freeze
P.O. Box 105788
Atlanta, Georgia 30348-5788

Online: Experian
By phone: 888-397-3742
By Mail: Experian Security Freeze
P.O. Box 9554, Allen, TX 75013

Online: TransUnion
By Phone: 888-909-8872
By Mail: TransUnion LLC
P.O. Box 2000 Chester, PA 19016