
Facebook’s latest security vulnerability sees 50 million users affected


Facebook has fixed another security issue this week, revealing as many as 50 million affected accounts. The social media platform is still investigating the issue, but has determined that the vulnerability stemmed from its “View As” feature, which allows users to see what their profile would look like to other people.
Instead of using passwords to take control of a user’s profile, attackers exploited “access tokens,” which “are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app.” The vulnerability stemmed from a change made to the video uploading feature in July 2017, which in turn affected Facebook’s “View As” system.
Although 50 million accounts are believed to have been affected, a further 40 million have been subject to a “View As” look-up in the last year, resulting in a total of 90 million people who have to log back into their accounts across all devices. Given how Facebook spreads itself out over third-party applications, such as through its log-on feature, this number is expected to reach much higher, although this remains speculation for the time being. Fortunately, passwords remain unaffected, meaning users don’t necessarily need to change them following the breach.
“Since we’ve only just started our investigation, we have yet to determine whether these accounts were misused or any information accessed. We also don’t know who’s behind these attacks or where they’re based,” reads the Facebook post. “We’re working hard to better understand these details—and we will update this post when we have more information, or if the facts change. In addition, if we find more affected accounts, we will immediately reset their access tokens.”
In the meantime, Facebook states that it has stomped out the problem and informed law enforcement of the matter. While conducting its investigation, it has temporarily disabled the “View As” feature to avoid further problems.
CEO Mark Zuckerberg and COO Sheryl Sandberg were reportedly among the affected accounts. This marks a particularly bad week for Zuckerberg, as Taiwanese “white-hat” hacker Chang Chi-yuan has openly threatened to delete his account entirely by Sunday, live on stream.
KitGuru Says: Damage this time around seems to have been minimal, but given the sheer frequency and scale of security breaches, it prompts the question as to how long Facebook can last in the court of public opinion. How do you feel about the recent security breach?
