Written by Devuni Goonewardene
29 Sep, 2018 | 5:27 pm
Colombo (News 1st) – Facebook says almost 50 million of its users were left exposed by a security flaw.
According to Facebook, “attackers exploited a vulnerability in Facebook’s code that affected the ‘View As’ feature that lets people see what their own profile looks like to someone else. This allowed them to steal Facebook access tokens, which they could then use to take over people’s accounts.”
An access token keeps you logged into Facebook so you don’t need to enter your password each time you visit the site or app. If an attacker has your token, then he or she has access to your account.
While 50 million sounds like a big number, it’s a small percentage of the more than two billion active Facebook accounts. If you go to your Facebook page and don’t need to log in, then your account is safe and it was not breached.
If you go to your Facebook page and find that you are logged out, then your account may have been breached.
In response to discovering the attack, Facebook reset the access tokens of the 50 million accounts it found to be compromised, which will require those users to enter their password to log back in.
Facebook also took the precaution to reset access tokens of an additional 40 million accounts for those users who used the “View As” feature in the last year.
If your account was affected, Facebook will notify you in a message at the top of your News Feed when you log back in to explain what happened.
Facebook has also temporarily turned off the View As feature while it investigates.
According to Mark Zuckerberg himself, “We patched the security vulnerability to prevent this attacker or any other from being able to steal additional access tokens.” The company, however, still does not know who is responsible for the attack.
According to The Guardian, Facebook shares fell about 3% following the disclosure of the security compromise.
03 Oct, 2019 | 04:26 PM
29 Aug, 2019 | 10:39 AM
Are you interested in advertising on our website or video channel
Please contact us at [email protected]