The Facebook security breach occurred due to the insecure “View As” feature. According to experts, the bug gave fraudsters a chance to take control of users’ accounts, including the one that belongs to Mark Zuckerberg, the CEO of the social media giant. Guy Rosen, the VP of Product Management at Facebook, disclosed the Facebook security breach “affecting 50 million accounts” in an official statement published on September 28th, 2018. The social media giant immediately fixed the issue and informed law enforcement.
The statement says that the investigation into the security breach is still in progress. However, it is now clear that the method hackers used to gain control of victims’ accounts is related to Facebook’s “View As” feature, which allows users to view their profiles as someone else. It turns out that the feature gave hackers a chance to steal so-called FB access tokens, which were later used to access victims’ accounts illegally. Pedro Canahuati, the Vice President of Security and Privacy at Facebook, claims that the vulnerability “was the result” of three bugs listed below.
The access token was available in the HTML code of the page, where attackers could easily access it. If you are unaware of what access tokens are, they help keep people logged into the social media platform. Consequently, you do not need to log in again over and over on a daily basis.
Facebook has already reset the access tokens for the said 50 million accounts. Additionally, tokens were reset for an extra 40 million accounts that weren’t affected by the Facebook security breach. As a result, around 90 million people will be asked to log back into their accounts the next time they launch the Facebook app. In addition, a notification explaining what has happened will appear at the top of the news feed.
The “View As” feature, which contained the vulnerability in its code, will be turned off temporarily. The social media giant’s programmers are currently investigating the code and making sure it meets top quality and security standards.
Facebook is in the middle of the investigation to find out how the compromised accounts were affected. The aim is to discover whether the hackers sought to misuse them or to dig for private information. At the moment, it is unclear who these hackers are and what country they originate from. Facebook apologized for failing to spot the vulnerability before fraudsters did. In addition, it promised to keep resetting access tokens for any vulnerable accounts as they are discovered. You can read the official statement about the Facebook Security Breach in FB News Room. If you want to learn more about securing your account and identifying scams and viruses on the social media platform, consider reading our insights on Facebook viruses.
It is unknown whether this has anything to do with a website bug bounty hunter known as Chang Chi-yuan. On Sunday, the guy from Taiwan published a statement saying that he is going to live-stream hacking M. Zuckerberg’s account. However, later that day, he called off his plans, explaining that he didn’t expect his intentions to go viral. It is not clear yet whether he planned to use the vulnerability in “View As” mode or not.
Norbert Webb is the head of Geek’s Advice team. He is the chief editor of the website who controls the quality of content published. The man also loves reading cybersecurity news, testing new software and sharing his insights on them. Norbert says that following his passion for information technology was one of the best decisions he has ever made. “I don’t feel like working while I’m doing something I love.” However, the geek has other interests, such as snowboarding and traveling.