
Geek's Advice


Facebook security breach puts 50 million user accounts at risk

October 16, 2018 By Norbert Webb

Facebook View As feature contained a security flaw

Failure to secure “View As” feature results in Facebook vulnerability affecting millions

The Facebook security breach occurred because of an insecure “View As” feature. According to experts, the bug gave fraudsters a chance to take control of users’ accounts, including the one that belongs to Mark Zuckerberg, the CEO of the social media giant. Guy Rosen, the VP of Product Management at Facebook, disclosed the Facebook security breach “affecting 50 million accounts” in an official statement published on September 28th, 2018. The social media giant immediately fixed the issue and informed law enforcement.

The statement says that the investigation into the security breach is still in progress. However, it is now clear that the method hackers used to gain control of victims’ accounts is related to Facebook’s “View As” feature, which allows users to view their profiles as someone else. It turns out that the feature gave hackers a chance to steal so-called FB access tokens, which were later used to access victims’ accounts illegally. According to Pedro Canahuati, the Vice President of Security and Privacy at Facebook, the vulnerability “was the result” of the three bugs listed below.

Three bugs creating the vulnerability

  • The “View As” feature was meant to be a view-only interface. However, for one type of composer (specifically the one that allows posting a happy birthday wish), “View As” made it possible to post a video.
  • The latest version of the video uploader was introduced in July 2017. It incorrectly generated an access token that held the permissions of the mobile version of the Facebook app.
  • When the faulty video uploader appeared in “View As” mode, it generated an access token for the person you want to view your profile as, not for yourself as the viewer.

The access token was available in the HTML code of the page, where attackers could easily reach it. If you are unaware of what access tokens are, they keep people logged in to the social media platform. Consequently, you do not need to log in over and over again on a daily basis.
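A simplified model of how the three bugs combine, next to a hardened version of the same render path. This is an added example, not Facebook's code: `RenderContext`, the scope names, the signing key and the HTML attribute are all constructed for illustration.

```python
import hashlib
import hmac
import json
from base64 import urlsafe_b64decode, urlsafe_b64encode
from dataclasses import dataclass

KEY = b"constructed-demo-key"  # constructed value, for this example only

@dataclass
class RenderContext:
    session_user: str   # the authenticated account making the request
    display_user: str   # whose perspective the page is rendered from
    view_only: bool     # True in a "View As"-style preview

def mint_token(subject: str, scope: str) -> str:
    """Sign a toy bearer token carrying a subject and a scope."""
    body = urlsafe_b64encode(json.dumps({"sub": subject, "scope": scope}).encode())
    sig = hmac.new(KEY, body, hashlib.sha256).hexdigest()
    return f"{body.decode()}.{sig}"

def token_claims(token: str) -> dict:
    """Verify the signature and return the token's claims."""
    body, sig = token.rsplit(".", 1)
    expected = hmac.new(KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    return json.loads(urlsafe_b64decode(body))

def render_uploader_flawed(ctx: RenderContext) -> str:
    # Bug 1: the widget is rendered even though the page is view-only.
    # Bugs 2 and 3: the token gets a broad scope and the *display* identity.
    token = mint_token(ctx.display_user, "mobile_app")
    return f'<div class="uploader" data-token="{token}"></div>'

def render_uploader_hardened(ctx: RenderContext) -> str:
    if ctx.view_only:
        return ""  # view-only pages carry no write widgets and no tokens
    # The subject always comes from the authenticated session; scope is minimal.
    token = mint_token(ctx.session_user, "video_upload")
    return f'<div class="uploader" data-token="{token}"></div>'

def embedded_token_subject(html: str):
    """Regression check: subject of any token embedded in rendered HTML."""
    if 'data-token="' not in html:
        return None
    return token_claims(html.split('data-token="')[1].split('"')[0])["sub"]
```

A test suite can render each page in preview mode and fail whenever `embedded_token_subject` returns anything other than `None` or the session user.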

Facebook issues new access tokens for 90 million accounts

Facebook has already reset the access tokens for the said 50 million accounts. Additionally, tokens were reset for an extra 40 million accounts that weren’t affected by the Facebook security breach. As a result, around 90 million people will be asked to log in to their accounts again the next time they launch the Facebook app. In addition, a notification explaining what has happened will appear at the top of the news feed.

The “View As” feature, which contained the vulnerability in its code, is temporarily turned off. The social media giant’s programmers are currently investigating the code and making sure it meets top quality and security standards.

It is still unclear who is behind the attack

Facebook is in the middle of the investigation to find out how the compromised accounts were affected. The aim is to discover whether the hackers sought to misuse them or to dig for private information. At the moment, it is unclear who these hackers are and what country they originate from. Facebook apologized for the failure to spot the vulnerability before fraudsters did. In addition, it promised to keep resetting access tokens for any vulnerable accounts when discovered. You can read the official statement about the Facebook Security Breach in the FB News Room. If you want to learn more about securing your account and learn to identify scams and viruses on the social media platform, consider reading our insights on Facebook viruses.

It is unknown whether this has anything to do with a website bug bounty hunter known as Chang Chi-yuan. On Sunday, the guy from Taiwan published a statement saying that he was going to live-stream hacking M. Zuckerberg’s account. However, later that day, he called off his plans, explaining that he hadn’t expected his intentions to go viral. It is not clear yet whether he planned to use the vulnerability in “View As” mode or not.

Norbert Webb

Norbert Webb is the head of Geek’s Advice team. He is the chief editor of the website who controls the quality of content published. The man also loves reading cybersecurity news, testing new software and sharing his insights on them. Norbert says that following his passion for information technology was one of the best decisions he has ever made. “I don’t feel like working while I’m doing something I love.” However, the geek has other interests, such as snowboarding and traveling.


Filed Under: News Tagged With: Facebook, Hack, Security
