
Arthur J. Villasanta – Fourth Estate Contributor
Mountain View, CA, United States (4E) – Hackers successfully compromised 50 million Facebook accounts to steal confidential user data, forcing the social media giant to reset 90 million accounts as a “precautionary step.”
Facebook was forced to reset users’ accounts to protect their security. Nearly 50 million people were affected by the hack attack. Facebook also reset the accounts of another 40 million users just to be on the safe side.
Facebook admitted the sophisticated cyberattack used a vulnerability in the site’s “View As” feature. To prevent further damage, the “View As” feature was deactivated, and trying to use it will result in an error message. As a result, 90 million users were logged out of their Facebook accounts on Sept. 28.
Facebook’s “View As” feature lets users see what their profile looks like from someone else’s view. Exploiting a flaw in this feature allowed attackers to steal “access tokens” that provide entry to users’ personal accounts, said Facebook.
The affected access tokens keep users logged into Facebook on their devices. This feature saves users from having to reenter their password every time they want to use the site.
Facebook reset these access tokens because of the attack. This meant that 90 million users were automatically logged out of their Facebook accounts, as well as any other apps using Facebook to log in.
Facebook has more than two billion users and the View As attack adds another ignominious chapter in a book of humiliations that include the infamous Cambridge Analytica flap.
Facebook CEO Mark Zuckerberg said the company is unsure if the affected accounts were actually accessed. He noted that logging out the additional 40 million people, including users who have never used the “View As” feature, was simply precautionary.
“We face constant attacks from people who want to take over accounts or steal information around the world,” wrote Zuckerberg. “While I’m glad we found this, fixed the vulnerability, and secured the accounts that may be at risk, the reality is we need to continue developing new tools to prevent this from happening in the first place.”
Article – All Rights Reserved.
Provided by FeedSyndicate