Facebook investigating ‘worst ever’ security breach affecting 50 MILLION users that could have let hackers take over user accounts – including Mark Zuckerberg’s
- Facebook on Friday admitted to a security breach that affected 50 million users
- The social media giant said attackers exploited Facebook’s ‘View As’ feature, which lets people view what their profiles look like to other people
- This could have potentially exposed private messages, photos and posts
- The firm is working with the FBI to conduct further investigations into the attack
- The attackers took advantage of a feature in the code, called ‘Access Tokens’
- Access Tokens don’t include a user’s password, but they let you log in without it
- Mark Zuckerberg said passwords and credit card details were not accessed
- 90 million users have been logged out of their account as a security measure
- Some Twitter users reported that Facebook prevented them from sharing coverage of the breach from the Associated Press and the Guardian
Facebook has discovered a massive security breach affecting 50 million user accounts – including those of Facebook boss Mark Zuckerberg and COO Sheryl Sandberg.
The social media giant said attackers exploited the site’s ‘View As’ feature, which lets people see what their profiles look like to other users.
The unknown attackers took advantage of a feature in the code called ‘Access Tokens’ to take over people’s accounts, potentially giving hackers access to private messages, photos and posts – although Facebook said there was no evidence that had been done.
The hackers also tried to harvest people’s private information, including name, sex and hometown, from Facebook’s systems.
Facebook said it doesn’t yet know if information from the affected accounts has been misused or accessed, and is working with the FBI to conduct further investigations.
However, Mark Zuckerberg assured users that passwords and credit card information were not accessed.
As a result of the breach, the firm logged roughly 90 million people out of their accounts earlier today as a security measure.
The firm learned of the incident on Tuesday and notified law enforcement on Wednesday. By Thursday, the firm had patched the vulnerability and started resetting access codes.
‘We’re also taking the precautionary step of resetting access tokens for another 40 million accounts that have been subject to a ‘View As’ look-up in the last year,’ Rosen wrote in a separate blog post.
‘As a result, around 90 million people will now have to log back in to Facebook, or any of their apps that use Facebook Login.
‘After they have logged back in, people will get a notification at the top of their News Feed explaining what happened.’
Users began noticing on Thursday that they had been logged out of their account.
Affected users are prompted to log back in to Facebook when they try to access the site. They’ll then be sent an authentication code to an email address or mobile device.
Users are instructed to enter the code in order to log back into their Facebook account. However, not all users were able to get back into their account.
Source: Daily Mail