Last weekend, Facebook announced that the data of almost fifty million users had been captured in a security incident. It is not yet entirely clear exactly how the hack took place, but it involves a vulnerability in the way the View As feature works.
In a blog post, Guy Rosen, vice president of product management at Facebook, writes that the investigation into the hack is still at an early stage. But it is clear that hackers exploited a vulnerability in the Facebook code around the View As feature.
What went wrong
The View As feature allows Facebook users to see what their profile looks like to someone else. This lets you better see the impact of certain privacy settings and check the layout when you change something. Simply put, it’s a quick way to check that nothing you want to keep private becomes public.
According to Rosen, the vulnerability allowed the attackers to steal access tokens from users. These tokens can be used to take over someone else’s account. Access tokens are the equivalent of digital keys that keep people logged in to Facebook, so they don’t have to re-enter their password every time they open the app.
Measures taken
The vulnerability was found last Tuesday and, according to Rosen, the platform’s developers took quick action. Facebook has not only fixed the vulnerability, but has also taken the necessary legal steps. To protect the users affected, the access tokens of all these people have been reset.
But Facebook has gone one step further and immediately reset the tokens of an additional 40 million accounts that have used the View As feature. So there are ninety million people who have to log in to Facebook again now that their tokens have been reset. This affects all Facebook apps and every location where a user is logged in. Finally, the View As feature has been temporarily disabled so that additional measures can be taken.
Clumsy timing
It is not yet clear who the hackers are or what their intention was in breaking into Facebook’s servers. Rosen states that if the investigation shows that more accounts have been affected, the tokens of these accounts will also be reset. In short: the company will in any case take all the necessary steps to prevent more people from becoming victims.
In any case, the timing is not very convenient for the social network. Recently, Facebook has regularly had problems protecting its users’ data. Think, for example, of the recent Cambridge Analytica scandal. There are also ongoing concerns about the spread of fake news via Mark Zuckerberg’s platform.
This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.