Skip to main content

50 Million Facebook Accounts Compromised, Is Your Business Page Safe?

The security breach which was discovered by Facebook (NASDAQ: FB) engineers on September 25 allowed the attackers to take direct control over user accounts; around 50 million of them to be exact.

The Latest Facebook Security Breach

In addition to the 50 million, Facebook also said there were another 40 million accounts which were potentially vulnerable. All said, the company logged out 90 million accounts to prevent further damage.

In a security update, Facebook admitted the attack was able to exploit the complex interaction of multiple issues in its code. This came about from a change the company made to its video uploading feature in July of 2017 affecting the “View As” feature.

Facebook said, “The attackers not only needed to find this vulnerability and use it to get an access token, they then had to pivot from that account to others to steal more tokens.”


This attack couldn’t have come at a worse time for Facebook. The company is trying to ratchet up its security before the upcoming mid-term elections while at the same time trying to recover from the Cambridge Analytica fiasco in which data from about 87 million users was shared with a political consulting agency.

The View As Feature

  1. The View As feature allows users to see how a profile looks to other people.
  2. The attackers were able to exploit three flaws or bugs in the “View As” feature. In the same security update, Pedro Canahuati, Vice President of Engineering, Security and Privacy, listed those flaws as follows:

  4. View As incorrectly provided the opportunity to post a video.
  5. A new version of the video uploader (the interface that would be presented as a result of the first bug), introduced in July 2017, incorrectly generated an access token that had the permissions of the Facebook mobile app.
  6. When the video uploader appeared as part of View As, it generated the access token NOT for the viewer, but for the user the viewer was looking up.
  7. Facebook said it has turned off the View As feature temporarily while it conducts a security review.

Tricking Facebook to Issue Access Tokens

With this vulnerability, the attackers were able to trick Facebook into issuing them access tokens. This gave them access to user accounts as if they were the user.

They also had access to services the user might’ve registered for using Facebook such as Airbnb, Spotify, Tinder or other apps and games.


Facebook has reset the access tokens of the 50 million accounts that were affected as well as the additional 40 million accounts that might’ve been vulnerable.

If your account was one of the 90 million affected by this incident, you will be prompted to re-login on Facebook and any linked accounts.

Who is Responsible?

In a conference call (PDF) Guy Rosen, Vice President of Product Management for Facebook said the company has notified law enforcement and is working with the FBI.

As to who is responsible, Rosen goes on to say it is hard to discover who was behind the attack, adding “We may never know.”

Labels:

Popular posts from this blog

EGYPTIAN PASSPORT VISA FREE COUNTRIES 2018 LIST

LIST OF EGYPTIAN PASSPORT VISA FREE COUNTRIES 2018 There is a certain number of benefits available to the Egyptians citizens in the event of traveling around the world. Egypt has stood out to become one of the zenith priority of many outsiders for years now who prefer transacting business and exchange of good and services due to wonderful business climate and its uninterrupted power supply or also for some they prefer the passport just for tourist purposes. This post on Egyptian passport visa free countries list.Besides its enormous side attraction like Egyptian streets, cozy places, their food, culture especially “Herafeyyeen” and others, it has a good economic system that is favorable for trade which is boosted by a soothing atmosphere. An Egyptian passport holder has a good reason to be joyful about their flight escapade across the world. Egyptian Passport Visa Free Countries Ditto for long some passport holders never knew the countries they can access with free days and ...
Read more

indore girls whatsapp numbers for chat and friendship sobia sha 2018

Indore Cute girls Whatsapp mobile numbers for chat Hello boys and girls. here we are back with another best Indore girls WhatsApp numbers collection. if you think you want some girls for chat and friendship and looking for girls from your area then you are at right place. we are giving real Indore girls number for WhatsApp and online chatting. so if you not able to find any girls on your school or college and want some real fun then you can use this number to make online friends. Chat with Smita on Whatsapp                     GIRLS WHATSAPP NUMBERS indore girls whatsapp numbers for chat and friendship February 1, 2018 - by admin - 118 Comments. indore girls whatsapp numbers 1 Indore Cute girls Whatsapp mobile numbers for chat 1.1 Chat with Smita on Whatsapp 1.2 Indore girls WhatsApp mobile numbers for chat and friendship Indore Cute girls Whatsapp mobile numbers for chat Hello boys and girls. here we are back with another best Indore gi...
Read more