Cyber Security Breach Affects 50 Million Facebook Users

Around 50 million accounts of Facebook users got affected in a major incident of cyber security breach, as per the social networking website on September 28, 2018.

Guy Rosen, Facebook's VP of Product Management, said in blog post that the security issue affecting around 50 million accounts was discovered by their engineering team.

Rosen wrote that the attackers exploited Facebook's code vulnerability which impacted the "View As" feature - that lets the user see how his/her profile appears to someone else. Rosen further added that "this allowed them to steal Facebook access tokens which they could then use to take over people's accounts". The access tokens, similar like the digital keys, allow the users to remain logged into the Facebook website in the background, without requiring re-entering the passwords every time the user wanted to launch the Facebook app on their phone or open Facebook site in a browser.

In a press call, Rosen revealed to the reporters that, "the vulnerability itself was the result of three distinct bugs and was introduced in July 2017". He added that, "it's important to say -- the attackers could use the account as if they were the account holder". However, Rosen further confirmed on the call that the vulnerability of the website has been fixed now, and Facebook is now working with FBI on the issue.

The CEO of Facebook, Mark Zuckerberg, in a call told the reporters that, the issue has now being resolved and they "are taking precautionary measures for those who might have been affected".

Facebook is still probing on the incident. The access tokens have been reset for each and every account that Facebook confirms of being affected by the breach. Besides as precautionary measure, the access tokens of those users who clicked on the 'View as' feature last year are also being reset. Rosen has written that they do not know who is behind the hacking, or from where the attacker is from.

Facebook, however, has apologized for this incident, and said that the security and privacy of the users is the first and the foremost priority for the company. It also said that this is why they have taken immediate steps to secure the affected accounts and also informed the users about the security breach. It also told the users that there is no need to change their account passwords. The Company said that if the users have any problem in logging into their account, they should visit the Help Center.

» SPAMfighter News - 10/11/2018