Facebook today revealed that its system was breached on September 25 by hackers and the details of some 50 million people may have been exposed. Facebook said it is taking the matter “incredibly seriously” and is being transparent in providing information as it investigates the breach.

“It’s clear that attackers exploited a vulnerability in Facebook’s code that impacted ‘View As’, a feature that lets people see what their own profile looks like to someone else. This allowed them to steal Facebook access tokens which they could then use to take over people’s accounts.”

Tokens are widely used to keep people logged into their account across devices and user sessions. Facebook says it has repaired the vulnerability in question as well as alerted law enforcement.

The company was forced to reset the access tokens of the 50 million impacted users, as well as another 40 million accounts that have been subject to a “View As” search during the last 12 months. This means 90 million people will be automatically logged out of their accounts on all devices and will need to log back in. Facebook is turning off the “View As” feature until the company has completed a security review.

Facebook said it is too early in the investigation to determine what user data was accessed and whether users’ account data was misused. Facebook does not know the identity of the attackers. For the time being, users will not need to reset their passwords.