Facebook's latest security hole: 50 million endangered users




Facebook announced Friday a massive security breach of its website, which allegedly affected about 50 million user accounts.

Facebook's engineering team discovered the breach on Tuesday, began an investigation and alerted law enforcement officials, according to a blog post published by the company. "As we have just started our investigation, we have not yet determined whether these accounts were misused or whether information was used," the social media giant said.

"We are facing constant attacks from people who want to take back accounts or steal information from around the world," said CEO Mark Zuckerberg on his Facebook account. "Although I am happy that we have found this, corrected the vulnerability and secured accounts that may be in danger, the reality is that we must continue to develop new tools to prevent this from happening."

In its blog post, Facebook said attackers exploited a vulnerability in its "View as" feature, which allows users to see how their profile appears to someone else on the platform. According to CNBC, the social media network first became aware of a potential attack on users on September 16th.

This vulnerability allowed hackers to "steal access tokens to Facebook, which they could then use to take over people's accounts," the Facebook blog added. "Access tokens are the equivalent of digital keys that allow users to connect to Facebook, so they do not need to re-enter their password every time they use the app."

The company claims to have corrected the vulnerability and reset the access tokens of 50 million directly impacted accounts, as well as 40 million accounts that could have been at risk through the "View as" feature. This means that about 90 million people will have to reconnect to Facebook or any application that depends on their Facebook connection.

"Facebook had a difficult year and it just got worse," said Adam Levin, founder of CyberScout, a company that assists companies in the field of cybersecurity. "Billion of members, 50 million users may no longer seem like a big problem, but it's true. The number of people affected by this violation is about equal to the total population of the west coast of the United States."

In the meantime, Facebook said it has temporarily disabled the "View as" feature in light of the security investigation.


"This attack exploited the complex interplay of several problems in our code," continues the Facebook blog. "This is due to a change to our video upload feature in July 2017 that had an impact on 'View As.' Attackers had to not only find this vulnerability and use it to get a chip token. But then they had to go from one account to another to steal more chips."

Facebook does not yet know who the hackers are or where they are based.

In his statement, Levin said that since the breach occurred after an upgrade, "any changes to networks, software, and other systems must be immediately tested and monitored for vulnerabilities that may have been caused," and that "the approach to cybersecurity is obsolete, an effective vulnerability management program is crucial."

Facebook shares were already down, but after the release the company extended its losses to 3.5 percent, CNBC reported.
