Facebook discovered a security issue on its computer network and it had exposed the personal information of almost 50 million users.
“This is a very serious security issue, and we’re taking it very seriously,” said CEO Mark Zuckerberg on a call with reporters.
Facebook’s engineering team found that attackers identified a loophole in Facebook’s code on its “View As” feature. Essentially, “View As” is a feature on Facebook that lets users see what their profile looks like to other users on the platform. Hackers exploited this feature in Facebook’s code to gain access to user accounts and potentially take control of them.
This vulnerability, which comprised of three separate bugs, additionally enabled the hackers to get to tokens. Around 50 million accounts had their access tokens taken, and Facebook has reset those tokens.
But, after this incident, the Facebook team has suspended the “View As” feature to review its security. Facebook said it fixed the issue on Thursday night and has notified law enforcement including the FBI and the Irish Data Protection Commission in order to any address General Data Protection Regulation (GDPR) issues.
Early Friday, Facebook forced more than 90 million users to log out from the platform and as soon as the security issue identifies, the company took safety measure to solve further issues. Facebook said it will immediately reset those users’ access tokens if additional accounts are affected. Further, the company stated that there is no need to change passwords.
Organization authorities don’t have a clue about the origin of the attackers and the officials are investigating the same. The hackers could have gained access to apps like Spotify, Instagram or some other platforms that give users a way to log into their systems via Facebook.
Source – NDTV Gadgets