Social media giant Facebook was hacked last Tuesday, the Facebook team revealed last Friday. The hacker or hackers used 3 bugs in this security breach, which has affected 50 million FB accounts.
Delivering the trust-shattering news, a press release from Facebook had this to say:
“We’re taking this incredibly seriously and wanted to let everyone know what’s happened and the immediate action we’ve taken to protect people’s security.”
According to professional web app hacker and cybersecurity researcher Thomas Shadwell, the hackers probably stole what are known as access tokens, or OAuth bearer tokens.
“OAuth tokens are like car keys, if you're holding them you can use them, there's no discrimination of the holder,” said Shadwell.
“Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app,” Facebook’s release explains.
Facebook has also revealed that the gateway the perpetrators used to breach its defenses was one of the app’s own features: “View As,” to be precise. The feature was affected way back in July 2017, when Facebook made a change to its video uploading feature. View As lets you see what your profile looks like to someone else viewing it. For example, if you’ve edited the privacy on all your posts so that your brother can’t see them, you can use View As to test whether the privacy settings are working by viewing your profile as if you were your brother.
“It looks like when Facebook built the View As feature, they did this by making it a modification of how Facebook would work if actually viewed by that other user,” said Shadwell. “Which of course means if there’s a mistake they might end up sending the impersonated user’s credentials to the user of the ‘View As’ feature.”
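A simplified model of the kind of mistake Shadwell describes, as an added example (not Facebook's code and not from the original article). `RenderContext`, `mint_token` and the two widget functions are hypothetical names, and the HMAC-based token format is an assumption made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

SERVER_KEY = b"constructed-demo-key"  # constructed value for this example


@dataclass(frozen=True)
class RenderContext:
    actor: str   # the account that actually authenticated
    viewer: str  # the account the page is rendered as ("View As")

    @property
    def impersonating(self) -> bool:
        return self.actor != self.viewer


def mint_token(user: str) -> str:
    """Issue a bearer token: user id plus an HMAC tag, nothing tied to the holder."""
    tag = hmac.new(SERVER_KEY, user.encode(), hashlib.sha256).hexdigest()
    return f"{user}.{tag}"


def token_owner(token: str) -> Optional[str]:
    """Return the account a token unlocks, or None if the tag is invalid.

    Note what is NOT checked: who is presenting the token.
    """
    user, _, tag = token.rpartition(".")
    expected = hmac.new(SERVER_KEY, user.encode(), hashlib.sha256).hexdigest()
    return user if hmac.compare_digest(tag, expected) else None


def widget_token_flawed(ctx: RenderContext) -> str:
    # Flaw: an embedded widget asks "who is this page for?" and is told the
    # impersonated user, so that user's token lands in the actor's page.
    return mint_token(ctx.viewer)


def widget_token_hardened(ctx: RenderContext) -> Optional[str]:
    # Credentials go only to the authenticated actor, and never while the
    # page is being rendered as someone else.
    if ctx.impersonating:
        return None
    return mint_token(ctx.actor)
```

In the flawed path, a page rendered for `actor` while viewing as another account carries a token that `token_owner` accepts for that other account, which is exactly the "car keys" property of bearer tokens.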
Although Facebook has stated that the access tokens of 50 million accounts have been stolen, it is possible that the actual number is much higher. Nonetheless, the social media prodigy has taken some steps to get ahead of the situation, such as resetting the access tokens for the affected accounts and also for an additional 40 million, just to be on the safe side. Facebook has also turned off the View As feature for the time being.
Although it is yet to be determined whether the breached accounts were misused in any way, the breach has raised a lot of question marks and red flags regarding just how much people can and/or should trust Facebook and other tech providers, like Google, to keep their information safe. If a tech giant like Facebook, even with all its resources, can have millions of accounts hacked, can we really trust these companies to keep our private information safe and secure anymore? Leave your thoughts in the comments below!