Facebook revealed on Friday September 28, 2018 that over 50 million of its users were left exposed by a security flaw. The company said attackers were able to exploit a vulnerability in a feature known as “View As” to gain control of people’s accounts.
According to Facebook management, the breach was discovered on Tuesday September 25, 2018 and the police has been informed about the incident.
Users that had potentially been affected were prompted to re-login on Friday. The flaw has been fixed, the firm’s head of security, Guy Rosen, assured Facebook users.
“Since we’ve only just started our investigation, we have yet to determine whether these accounts were misused or any information accessed. We also don’t know who’s behind these attacks or where they’re based. Also, people’s privacy and security is incredibly important, and we’re sorry this happened,” he added.
Facebook’s “View As” function is a privacy feature that allows people to see what their own profile looks like to other users, making it clear what information is viewable to their friends, friends of friends, or the public.
Attackers found multiple bugs in this feature that “allowed them to steal Facebook access tokens, which they could then use to take over people’s accounts”, Mr Rosen explained.
“Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app,” he concluded.
Created in February 2004, Facebook is one of the popular social networking sites. Unfortunately, the site has been facing security challenges from hackers as the number of Facebook accounts hackings seems to be on the increase.
