(The AEGIS Alliance) – Facebook announced yesterday that around 50 million user accounts had been impacted by a security breach which made it possible for attackers to potentially take over user profiles.
“This is a serious issue, and we’ve already taken a number of steps to address this,” Mark Zuckerberg, CEO of Facebook, explained at a press call.
“We’re in touch with law enforcement to help identify the attackers,” Zuckerberg mentioned.
Vice President of product management for Facebook, Guy Rosen, explained in a press release that this issue had been the result of an exploit discovered in the social media site’s View As feature. This feature allows users to see what their own profile looks like from other users’ perspective.
“Our investigation is still in its early stages,” Rosen explained in a blog post. “But it is clear that attackers exploited a vulnerability in Facebook’s code that impacted ‘View As’, a feature that lets people see what their own profile looks like to someone else.”
“This allowed them to steal Facebook access tokens which they could then use to take over people’s accounts,” Rosen stated. “Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app.”
Rosen states that Facebook has already fixed the flaw and has reset the access tokens for the 50 million accounts that were impacted. As a precautionary measure, it has also reset the access tokens for an additional 40 million accounts that were subjected to a View As lookup. In total, 90 million users will have to log back into their Facebook accounts the next time they open the Facebook app or use an app that logs in through Facebook.
Rosen, in his blog post, states that Facebook is still not sure who the attackers behind this exploit were, or whether personal data was accessed.
Facebook has been under increased scrutiny ever since the Cambridge Analytica scandal, which broke back in April. User privacy and data protection have become a matter of national importance in the United States. On Wednesday, the Senate Commerce Committee held a public hearing on data protection and user privacy that included representatives from Amazon, Google, Apple, Twitter, AT&T and Charter.
Sheryl Sandberg of Facebook also attended a meeting before the Senate Intelligence Committee just last month, where it was discussed how the company was working to prevent future election interference similar to what occurred during the 2016 Presidential election in the US.
Kyle James Lee – The AEGIS Alliance – This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.