Last Friday (September 28th) Facebook announced that they had suffered an attack and over 50 Million users were at risk.
So how serious was this latest breach?
What we know…
• The vulnerability had to do with users ‘view as’ feature.
• 50 Million Facebook users fell victim.
• Facebook logged 90 Million users out as a precaution.
• Hackers were able to see everything in a user’s profile, although we are unclear if this included private messages.
• Third-party sites users logged into Facebook on were also compromised.
How did it happen?
Hackers used a sophisticated method to steal users’ information. The hackers accessed Facebook accounts by exploiting code connected to the social networks ‘view as’ feature, by doing this it allowed them to steal “access tokens”. These tokens are what allowed the hackers to access Facebook users accounts. Although these tokens are not passwords, it still gave the hackers access to login to accounts with no need of a password. Account passwords were not accessed directly however, you should always change your password regularly or after a breach to stay safe online.
Facebook later went on to announce that this breach had also affected third-party apps that users have linked to their Facebook including Instagram.
To be cautious the social networking site logged around 90 Million of its users out of their accounts. If you found your account to be logged out this weekend we advise you change your passwords to Facebook and any connecting sites.
What are access tokens?
Access tokens are something you get when you first set up an account on a computer system. These tokens keep a hold of your security credentials the first time you ever set up a login with an account. One purpose of these tokens is so you can stay logged in to accounts that you use frequently such as Facebook. These tokens hold information including the identity and privileges the user account holds.