Facebook confirms its security breach affecting 50 million users
THE SOCIAL NETWORK Facebook waited till 6 pm on Friday to announce that an estimated 50 million users had been affected by a serious security breach.
The security breach, which Facebook engineers found on 25 September, saw hackers exploit a vulnerability in Facebook’s code that impacted ‘View As’, a feature that lets people see what their own profile looks like to someone else.
Guy Rosen, VP of Product Management at Facebook, explained that this allowed the attackers to steal Facebook access tokens, which they might use to take over people’s accounts.
With access to a user’s authentication token, hackers would also have had access to private messages, which might have been exposed to harvesting until Facebook forced a log-out.
“This attack exploited the complicated interaction of a number of issues in our code. It stemmed from a change we made to our video uploading feature in July 2017, which impacted ‘View As.’
“The attackers not only needed to find this vulnerability and use it to get an access token, they then needed to pivot from that account to others to steal more tokens.”
The company notes that its internal investigation is “still in its early stages” and says it remains unclear who could be behind the attack or what user information – if any – was taken.
The social network says it has fixed the vulnerability and reset the access tokens of the almost 50 million accounts affected by the breach. Moreover, as a precaution, it is resetting tokens for an additional 40 million accounts that have been subject to ‘View As’.
The firm has also switched off the ‘View As’ feature while it conducts a “thorough safety review”.
“Individuals’ privacy and safety are extremely important, and we’re sorry this occurred,” Rosen added. “It is why we have taken speedy action to secure these accounts and let users know what occurred.”
Facebook might end up with another breach to deal with over the weekend, as a Taiwanese hacker claims he’ll delete Mark Zuckerberg’s account and broadcast himself doing so on Facebook Live on Sunday.