Facebook (FB) has discovered a security problem affecting nearly 50 million accounts





Facebook (NASDAQ: FB) said in its newsroom:

In the afternoon of Tuesday, September 25, our team of engineers discovered a security problem affecting nearly 50 million accounts. We take this very seriously and want to let everyone know what has happened and the immediate steps we have taken to protect people's safety.

Our investigation is still in its infancy. But it is clear that the attackers exploited a vulnerability of the Facebook code that affected "View As", a feature that allows users to see what their own profile looks like. This allowed them to steal Facebook access tokens, which they could then use to resume the accounts of the people. Access tokens are the equivalent of digital keys that allow users to stay connected to Facebook. They do not need to re-enter their password each time they use the application.

Here is the action we have already taken. First of all, we corrected the vulnerability and informed the forces of the order.

Second, we reset the access tokens of nearly 50 million accounts that we know have been allocated to protect their security. We also take the necessary precautions to reset the access tokens to 40 million additional accounts that have been the subject of a "View As" consultation over the past year. As a result, approximately 90 million people will now need to reconnect to Facebook or to one of their applications using Facebook Login. After reconnecting, users will receive a notification at the top of their news feed to explain what has happened.

Third, we temporarily disable the "View As" feature when we perform a thorough security review.

This attack exploited the complex interaction of several problems in our code. This is due to a change to our video upload feature in July 2017 that impacted View As. Hackers had to not only find this vulnerability and use it to get an access token. others to steal more chips.

As we have just started our investigation, we still need to determine if these accounts were misused or if information was accessed. We do not know who is behind these attacks or where they are based. We strive to better understand these details – and we will update this message when we have more information or if the facts change. In addition, if we find other accounts affected, we will immediately reset their access tokens.

The privacy and security of people are extremely important and we regret that this happened. That's why we took immediate steps to secure these accounts and inform users of what happened. Nobody needs to change their password. But people who have trouble logging in to Facebook, for example, because they forgot their password, should visit our Help Center. And if anyone wants to take precautionary steps to log out of Facebook, he should check the "Security and connection" section in Settings. It lists the places where people are connected to Facebook with an option in one click to disconnect from all.
