Facebook hacking is even worse than at first, the company admitted.
The site had previously admitted that a hole in its code would allow people to access any account, a problem that affects about 50 million users.
But later, he added that the problem would also affect his service "Facebook Login", which allows other applications to use the Facebook account of people to connect.
This means that once a hacker would have access to a person's Facebook account, she could end up in the rest of her digital life. This could include other Facebook applications, such as Instagram, but also third-party applications using the login service, such as Tinder.
"The vulnerability was on Facebook, but these access tokens allowed someone to use the account as he was the owner," said Guy Rosen, vice president. of Facebook's product management, which revealed the vulnerability in a blog Friday.
The latest hacking involved bugs in Facebook's "show as" feature, which allowed people to see how their profile was portrayed to others. Attackers used this vulnerability to steal digital keys, called "access tokens", from accounts of people whose profiles were searched for using the "View as" feature. The attack is then moved from one Facebook friend from one user to another. Possession of these tokens would allow attackers to control these accounts.
One of the more than a year-old bugs was affecting how the "View As" feature interacted with Facebook's video upload feature for "Happy Birthday" posts, Rosen said . But it's only in mid-September that Facebook has noticed an unusual upsurge in activity, and not until this week that it learned the attack, did it? -he declares.
The nature of the hack means that there are few users who can protect themselves. Facebook says it has already fixed the flaw by disconnecting everyone from its accounts and suspending the "View as" feature.
"There is no evidence that people need to take action such as changing their passwords or deleting their profiles," said a spokesman for the National Cyber Security Center.
"However, users must be particularly vigilant about possible phishing attacks, because if the data had been accessed, they could be used to make fraudulent messages more credible."