Big Facebook breach: 50 million accounts affected


Facebook has suffered a data breach affecting almost 50 million accounts. Another 40 million have been reset as a “precautionary step”.

What’s happened?

In a post on the site earlier today, Facebook’s VP of Product Management, Guy Rosen, said that the breach was discovered on Tuesday 25 September.

Attackers exploited a vulnerability in Facebook’s “View As” feature to steal access tokens, which are the “digital keys” that allow you to stay logged into Facebook so you don’t need to re-enter your password every time you use the app.

Rosen says the vulnerability is now fixed.

We have reset the access tokens of the almost 50 million accounts we know were affected to protect their security. We’re also taking the precautionary step of resetting access tokens for another 40 million accounts that have been subject to a “View As” look-up in the last year.

Those affected will now have to log back into Facebook, and any apps that use Facebook Login.

Facebook has also turned off the “View As” feature while it investigates. This function allows you to see what a particular friend, or people you aren’t friends with, can see on your profile, such as old profile photos or posts you might not have restricted access to.

It’s still early days but Facebook says it looks like the hole was opened when developers made a change to the video uploading feature way back in July 2017. The attackers then stole an access token for one account, and then used that account to pivot to others and steal more tokens.

Facebook says it doesn’t yet know if any accounts were misused or information was accessed.

What to do

If you’ve been logged out by Facebook then your account is one of those affected. Rosen says there’s no need for anyone to change their passwords, but out of an abundance of caution (and especially if you’ve got a weak or reused password) now is as good a time as any to change it. Pick a strong and unique one!

You can also choose to log out of all your Facebook sessions by going to Settings > Security and Login. On this page you can see a list of all the places you’re logged in. Scroll down the page until you see Log out of all sessions and click it.



from Naked Security https://ift.tt/2N2S6m5
