Facebook hacked – Attackers exploited a vulnerability in the “View As” feature that allowed them to steal Facebook access tokens of 50 Million Users.
Facebook hacked, this is news that is rapidly spreading across the Internet. A few hours ago, Facebook announced that an attack on its computer network exposed the personal information of roughly 50 million users.
The giant of social networks has discovered the security breach this week, the attackers have exploited a bug in the “View as” features to steal access tokens of the users and take over their accounts.
Facebook has identified the flaw exploited in the attack and already fixed it, it immediately launched an investigation and reported the incident to law enforcement.
In a blog post, Facebook’s Guy Rosen, VP of Product Management explained that the attackers exploited a vulnerability associated with Facebook’s “View As” feature that allowed them to steal Facebook access tokens. These tokens could then be used to take over people’s accounts.
“On the afternoon of Tuesday, September 25, our engineering team discovered a security issue affecting almost 50 million accounts.” stated Guy Rosen, Facebook VP of Product Management.
“Our investigation is still in its early stages. But it’s clear that attackers exploited a vulnerability in Facebook’s code that impacted “View As”, a feature that lets people see what their own profile looks like to someone else. This allowed them to steal Facebook access tokens which they could then use to take over people’s accounts.”
Facebook disabled the “View As” feature in response to the incident, the company reset the security tokens for the 50 million impacted accounts, and as a precautionary measure, reset them for other 40 million accounts.
“Second, we have reset the access tokens of the almost 50 million accounts we know were affected to protect their security. We’re also taking the precautionary step of resetting access tokens for another 40 million accounts that have been subject to a “View As” look-up in the last year. As a result, around 90 million people will now have to log back in to Facebook, or any of their apps that use Facebook Login. After they have logged back in, people will get a notification at the top of their News Feed explaining what happened.” continues Guy Rosen.
“Third, we’re temporarily turning off the “View As” feature while we conduct a thorough security review.”
Facebook revealed that the bug exploited by the attackers was introduced with a change to their video uploading feature made in July 2017.
The tech giant said it did not know the source of the attack or identity of the attackers.
“We’re taking it really seriously,” Mark Zuckerberg, the company’s chief executive, said in a conference call with reporters. “We have a major security effort at the company that hardens all of our surfaces.” He added: “I’m glad we found this. But it definitely is an issue that this happened in the first place.”
The company will provide more information once the investigation will be completed.