Facebook addresses a hack that affected 50 million accounts
No system is 100% safe, not even Facebook. Facebook was hacked, and about 50 million people’s accounts were affected. According to the social network’s founder, Mark Zuckerberg, the attack was discovered on Tuesday, 25th September. He confirmed that a security patch has been implemented to make sure the attack doesn’t recur. Hackers breached the 1 billion online village through a technical vulnerability that let them steal access tokens.
“On Tuesday, we discovered that an attacker exploited a technical vulnerability to steal access tokens that would allow them to log into about 50 million people’s accounts on Facebook.” – Mark Zuckerberg
Facebook couldn’t confirm whether the affected accounts were misused. That alone is one million reasons not to allow unnecessary Facebook apps to generate access tokens for your profile. Cyber theft of personal data may not seem to do any harm at first, but chances are that the aftereffects will not be acceptable.
“This attack exploited the complex interaction of multiple issues in our code. It stemmed from a change we made to our video uploading feature in July 2017, which impacted ‘View As.’ The attackers not only needed to find this vulnerability and use it to get an access token, they then had to pivot from that account to others to steal more tokens.” – Guy Rosen, VP of Product Management
In reaction to the attack, Facebook logged out the 50 million people whose accounts were affected. I was logged out as well. They invalidated the access tokens that were used to carry out the attack.
Facebook also took down the “View As” feature, which let users view their profile as a visitor would see it. Facebook claims the attackers exploited the feature to spoof the details of 50 million people’s accounts. Over 40 million users who have used the “View As” feature since last year were logged out as well.
Facebook says you don’t need to press the panic button yet; all accounts are now safe. All you need to do is log in again if you have been logged out.