3 bugs found in the “View As” feature put around 50 million Facebook users' accounts at risk
Just several days ago, the Facebook team announced a successful attempt to steal users' access tokens and misuse them for the takeover. According to the report, hackers managed to break into the company's servers and misuse 3 different bugs found in the “View as” function to make one vulnerability to steal data of almost 50 million users.
The breach was discovered on Tuesday, but the company has no knowledge on what kind of information might have been exposed due to the attempt that was made on its 50 million users. Besides, it claims that it has no information on who is responsible for the recent events:
Since we’ve only just started our investigation, we have yet to determine whether these accounts were misused or any information accessed. We also don’t know who’s behind these attacks or where they’re based.
Some information about the “View As” function
“View As” is the function that allows every single user to look how their profile is shown to others. This feature helps you discover what type of information you are exposing to your friends, friends' friends and people that you don't even know.
The “View As” function does seem valuable if you want to make sure that no unwanted details are posted on your Facebook account to random users. However, the anonymous group (?) of hackers found out a way to misuse this feature for bad purposes which let them hack into numerous accounts and take them under their control by stealing their access tokens.
The flaw has already been taken care of
Facebook has already taken specific actions against the flaw. The company has already made 90 million users who seemed to be at risk of this brutal hack log back to their accounts. Also, the “View As” function is not available for the use at the moment.
However, even though the threat was taken care of, Facebook managed to detect that the share price has dropped more than 3% this Friday. Another bad news is that this attempt could have been made on users who have accounts in other commonly used websites, such as Instagram, Tinder, and others.
Mark Zuckerberg claimed that the company takes security requirements very seriously and is keen on protecting users' data. However, the vice-president at Forester, Jeff Pollard, thinks that criminals seek for hacking into accounts that include various sensitive data and this makes Facebook a great target:
Attackers go where the data is, and that has made Facebook an obvious target, he said. The main concern here is that one feature of the platform allowed attackers to harvest the data of tens of millions of users.
What should you do to stay safe
If you have been made to re-login on Facebook recently, it means that the company thinks that you can be one of those who got attacked. In this case, you should:
- Turn on two-factor authentication on Facebook;
- Update your passwords on all social networks, including Instagram, Twitter, etc.;
- Be careful with spam and phishing that can start affecting you because of the email address leak;
- Keep your software updated.