Skip to main content

50 Million Facebook Accounts Compromised, Is Your Business Page Safe?

The security breach which was discovered by Facebook (NASDAQ: FB) engineers on September 25 allowed the attackers to take direct control over user accounts; around 50 million of them to be exact.

The Latest Facebook Security Breach

In addition to the 50 million, Facebook also said there were another 40 million accounts which were potentially vulnerable. All said, the company logged out 90 million accounts to prevent further damage.

In a security update, Facebook admitted the attack was able to exploit the complex interaction of multiple issues in its code. This came about from a change the company made to its video uploading feature in July of 2017 affecting the “View As” feature.

Facebook said, “The attackers not only needed to find this vulnerability and use it to get an access token, they then had to pivot from that account to others to steal more tokens.”


This attack couldn’t have come at a worse time for Facebook. The company is trying to ratchet up its security before the upcoming mid-term elections while at the same time trying to recover from the Cambridge Analytica fiasco in which data from about 87 million users was shared with a political consulting agency.

The View As Feature

  1. The View As feature allows users to see how a profile looks to other people.
  2. The attackers were able to exploit three flaws or bugs in the “View As” feature. In the same security update, Pedro Canahuati, Vice President of Engineering, Security and Privacy, listed those flaws as follows:

  4. View As incorrectly provided the opportunity to post a video.
  5. A new version of the video uploader (the interface that would be presented as a result of the first bug), introduced in July 2017, incorrectly generated an access token that had the permissions of the Facebook mobile app.
  6. When the video uploader appeared as part of View As, it generated the access token NOT for the viewer, but for the user the viewer was looking up.
  7. Facebook said it has turned off the View As feature temporarily while it conducts a security review.

Tricking Facebook to Issue Access Tokens

With this vulnerability, the attackers were able to trick Facebook into issuing them access tokens. This gave them access to user accounts as if they were the user.

They also had access to services the user might’ve registered for using Facebook such as Airbnb, Spotify, Tinder or other apps and games.


Facebook has reset the access tokens of the 50 million accounts that were affected as well as the additional 40 million accounts that might’ve been vulnerable.

If your account was one of the 90 million affected by this incident, you will be prompted to re-login on Facebook and any linked accounts.

Who is Responsible?

In a conference call (PDF) Guy Rosen, Vice President of Product Management for Facebook said the company has notified law enforcement and is working with the FBI.

As to who is responsible, Rosen goes on to say it is hard to discover who was behind the attack, adding “We may never know.”

Labels:

Popular posts from this blog

EGYPTIAN PASSPORT VISA FREE COUNTRIES 2018 LIST

LIST OF EGYPTIAN PASSPORT VISA FREE COUNTRIES 2018 There is a certain number of benefits available to the Egyptians citizens in the event of traveling around the world. Egypt has stood out to become one of the zenith priority of many outsiders for years now who prefer transacting business and exchange of good and services due to wonderful business climate and its uninterrupted power supply or also for some they prefer the passport just for tourist purposes. This post on Egyptian passport visa free countries list.Besides its enormous side attraction like Egyptian streets, cozy places, their food, culture especially “Herafeyyeen” and others, it has a good economic system that is favorable for trade which is boosted by a soothing atmosphere. An Egyptian passport holder has a good reason to be joyful about their flight escapade across the world. Egyptian Passport Visa Free Countries Ditto for long some passport holders never knew the countries they can access with free days and ...
Read more

1200+ Tinder Bios collection In 2018

Tinder bio is the impressive factor for a tinder user. You can impress anyone by simply write a good tinder bio on your application. At, Tinder wherever someone visits our profile, the first thing they noticed is your tinder bio. So we are try to make our tinder bio is unique and different from other . Tinder bio is the one place that you can use to provide a message to show publicly. Tinder users use this features to tell about their bio, hobby, Education etc. But it is not possible to get best tinder bios? So guys in this post I am sharing the huge collection of tinder bio. So, if you are searching for any best, cool, funny or good tinder bio then here we are sharing 1200+ awesome Tinder bio that you can use for your profile. This list contains best tinder bios , good tinder bios , funny tinder bios , best tinder bios for guys , tinder bios for girls , good tinder bios for guys , great tinder bios , funny tinder bios for guys , best male tinder bios , good tinder bios for men , best...
Read more

Taiwanese puppet master fights to save dying art

At 87 years old, Taiwanese glove puppeteer Chen Hsi-huang is the star of a new documentary which reflects his determination to revive the dying traditional craft and a late-life renaissance as a high-profile promoter of the art form. The film, entitled “Father”, tells the story of how Chen pursued the craft in the shadow of his father, the legendary puppeteer Li Tian-lu, who drew huge audiences to his shows in the 1950-1970s and appeared in several movies. Also known as “Budaixi”, glove puppetry spread to Taiwan in the 19th century from the southeastern Chinese province of Fujian and was mainly performed at religious and festive occasions, becoming a popular form of entertainment. Puppeteers manoeuvre small glove dolls on ornate wooden stages to present historical and martial arts stories accompanied by live folk music. Chen said he values the traditional puppetry because it is characterized by subtle movements, with the puppeteer taking on all roles, from a young woman to an old man. ...
Read more