Yesterday, Facebook claimed that it had fixed a security vulnerability that could have permitted hackers to log in to more than 50 million accounts. Facebook reset the accounts of these 50 million users and did the same to another 40 million accounts as a preventive measure. The incident was big enough for Facebook founder and CEO Mark Zuckerberg to post about the investigation of the breach. In a Facebook post, Zuckerberg said, ‘we cannot yet make out whether these accounts were misused by hackers; however, we are continuing to investigate and will update very soon as we learn more.’
In a public apology for the breach he also wrote, ‘we have a duty and responsibility to guard your personal data, and in case we cannot, then we don’t deserve to serve you at all.’
When did this massive Facebook breach take place?
The vulnerability was introduced on the site in July 2017, when Facebook launched a new video upload function for its users. However, it did not become apparent to Facebook until 16th September 2018, when it noted a spike in unusual activity. Facebook’s VP of Product Management, Guy Rosen, said, ‘on the afternoon of 25th September we uncovered this security attack. It was very soon notified and was also fixed on the evening of 27th September 2018.’ He added that Facebook then began resetting people’s access tokens to protect the security of their accounts.
How did it affect users’ accounts, and what was the cause?
Rosen said that the hackers had exploited a vulnerability in Facebook’s code that affected its ‘View As’ feature. This feature allowed people to see how their own Facebook profile appears to someone else, and this is how it was exploited. The vulnerability was caused by a combination of three bugs that affected the access token. An access token is like a digital key that keeps you logged in to a Facebook account, so that you do not have to re-enter your password every time you log in. Asked why it took Facebook so long to uncover this breach, Rosen said, ‘they always do code reviews and run static analysis tools but regrettably were not able to catch this complex interaction of bugs that led to this vulnerability.’
Facebook does not know who the hackers who attacked the site were, and the FBI is investigating the matter. Facebook is also not sure whether WhatsApp and Instagram accounts were affected too; however, they were automatically secured once the Facebook access tokens were canceled. Affected users have to unlink and relink their Facebook and Instagram accounts to cross-post to Facebook. Facebook has clarified that no WhatsApp accounts were impacted by this breach.
Rosen also did not provide any details about the location of the affected users. He said only that the attack seems broad and that investigators had not determined who the particular targets were.
This Facebook security breach was considered to be the largest in Facebook’s history to date. It is severe because the hackers stole users’ access tokens, a kind of digital security key that permits users to stay logged in to their Facebook accounts over multiple browsing sessions. With these tokens, attackers have full control of users’ accounts. The breach came at a time of serious trouble for the social media company, which also faced many other issues, including the flow of misinformation, foreign election interference, data privacy, and hate speech.