Facebook has provided a comprehensive statement to detail exactly what happened and how it affects you.
Facebook recently discovered that hackers stole Facebook access tokens for millions of accounts, and now, it’s providing a comprehensive statement to detail exactly what happened and whether it affects you.
Facebook previously said that, on 25 September, its engineering team discovered hackers had exploited a vulnerability in its code. The perpetrators took advantage of security flaws in Facebook’s “View As” code, a feature that lets you see what your profile looks like to another user or the public. Facebook said the stolen access tokens were digital keys that allowed people to stay logged in to Facebook.
Here’s what you need to know and do now.
How and when did this happen?
- Hackers exploited a vulnerability in code for the “View As” feature
- The vulnerability (the result of three bugs) first appeared in 2017
- Hackers stole access tokens used to take over people’s accounts
The investigation is in its early stages now. It looks like hackers exploited a vulnerability — the result of three bugs — in Facebook’s code for the “View As” feature. They stole Facebook access tokens, which they could then use to take over people’s accounts. (These access tokens are described as “digital keys” that keep people logged in to Facebook so they don’t need to re-enter their password every time.)
The vulnerability in Facebook’s code first appeared in July 2017, when Facebook made a change to a video uploading feature. It didn’t notice any unusual activity until 14 September 2018, when it saw a jump in user access to the site. It then launched an investigation and discovered this attack. So, the hackers had a chance to exploit the vulnerability in Facebook’s code from July 2017 to late September 2018.
Who are the hackers?
Facebook doesn’t know who executed the attacks or where they’re based.
Who was affected?
Facebook originally said it reset access tokens for nearly 50 million accounts that were supposedly affected and another 40 million accounts that were “subject to a ‘View As’ lookup in the last year”. In its most recent statement, Facebook revealed the hackers stole access tokens for 30 million accounts (revised from 50 million), and that they gained complete access to users’ profiles.
Of those 30 million accounts, the hackers accessed contact information like name, email addresses, and phone numbers for 14 million accounts. Another 15 million accounts had other information accessed, including gender, religion, location, and device information.
No information was accessed for the remaining one million accounts.
How to check if your Facebook account was hacked
You can check whether you were affected by visiting the Help Center. Go to this page. Scroll down to: Is my Facebook account impacted by this security issue?
From there, you’ll either see: that you were not impacted; that you were part of the 15 million who had their name, email addresses, and phone number accessed; or that you’re one of the 14 million who had their gender, religion, location, and device information accessed. Facebook said it plans to send messages to the 30 million people affected. The messages will explain what information the attackers might have accessed.
Do you need to change your password?
Facebook said there is no need for anyone to change their passwords.
If you’re still concerned, you can visit the “Security and Login” section in Settings to log out of all devices at once.
What’s the plan of action now?
- The vulnerability in Facebook’s code has been fixed
- Facebook informed the authorities in September 2018
- Facebook began alerting users of the breach in September 2018
The vulnerability has been patched, and Facebook has informed the authorities. While an investigation into the security breach continues, Facebook has reset accounts for 90 million people. Those users now have to log back in to Facebook, including any of their apps that use Facebook Login. After they have logged back in, they will get a notification at the top of their News Feed explaining what happened.
Lastly, Facebook is temporarily turning off the “View As” feature.
Has Facebook apologised?
Yes. Facebook said it is “sorry this happened”. You can read the full apology here, or read an excerpt below:
“People’s privacy and security is incredibly important, and we’re sorry this happened. It’s why we’ve taken immediate action to secure these accounts and let users know what happened.”
What about Mark Zuckerberg?
Here is what the Facebook CEO had to say:
Want to know more?
See Facebook’s announcement for more details.