Facebook has suffered an attack that exposed 50 million people’s personal accounts, the company has admitted.
A vulnerability in the social network’s code meant that hackers could take over people’s log-ins and see their most private information, the company said.
The issue related to the “view as” tool, which allows people to see their own profiles as they would look to other people. By exploiting that, hackers could steal the “access token” that keeps people’s accounts safe and then break into them, Facebook said.
The company found the flaw on Tuesday and has only just begun its investigation, it said, meaning that it cannot say how the bug was used and who by.
Law enforcement has been informed and the bug has been patched, it said. It has also completely turned off the “view as” feature for now and will reset the affected access tokens so that anyone who broke into an account will now be kicked out, it said.
That will mean that some 90 million people – the 50 million people thought to be affected, as well as a further 40 million who were subject to a “view as” request in the last year – will be logged out of their accounts and will have to log back in. Having to do that does not necessarily mean that anyone has seen inside your account.
Facebook did suggest that more people could be found to have been potentially affected, and that it is continuing its investigation.
A quick note from Facebook themselves (source: official Facebook blog):
“Since we’ve only just started our investigation, we have yet to determine whether these accounts were misused or any information accessed,” Guy Rosen, its vice president of product management, wrote in a blog post.
“We also don’t know who’s behind these attacks or where they’re based. We’re working hard to better understand these details — and we will update this post when we have more information, or if the facts change. In addition, if we find more affected accounts, we will immediately reset their access tokens.”
The attack came about because of a “complex interaction of multiple issues in our code”, Facebook said. It gave few details about how the flaw would have been exploited, beyond the fact that it relied on the “view as” feature and that it “stemmed from a change we made to our video uploading feature in July 2017” that affected that tool.
Take a look at some of the steps that the average person can take to significantly reduce the exposure of their online data. As more and more of your sensitive data is handled online, knowing basic cyber security skills becomes critical. None of these fixes require advanced knowledge of computers or programming, just a little discipline and attention to detail. Of course, even if you implement all of the safeguards we suggest here, we cannot guarantee you will be 100% secure — but you will have made it significantly harder for an attacker to access your data.
MORE TO FOLLOW – DEVELOPING STORY
The DigibitVPN Team