Facebook "View As" Hack Affects over 90 Million Accounts

Discussion in '[H]ard|OCP Front Page News' started by cageymaru, Sep 28, 2018.

  1. cageymaru

    cageymaru [H]ard|News

    Messages:
    19,420
    Joined:
    Apr 10, 2003
    Facebook has acknowledged being hacked on Tuesday, September 25th and the security issue directly affected almost 50 million accounts and another 40 million indirectly. The "View As" feature that Facebook implemented in July 2017 is the source of the security issue. The "View As" feature allows users to see what their own profile looks like to someone else. Hackers used this to steal Facebook access tokens which they used to take over accounts belonging to other members of the service. Think of "access tokens" as "digital keys" that allow a person to remain logged into the service without having to re-enter their password when they use the app.

    Law enforcement has been contacted and access to "View As" functionality has been disabled until a more secure implementation can be created. Those affected have been notified at the top of their Facebook News Feed and Facebook's security team is working diligently to find out who and from where the attack originated. If they find more affected accounts then they will reset the security tokens for those also. Thanks DejaWiz!

    This attack exploited the complex interaction of multiple issues in our code. It stemmed from a change we made to our video uploading feature in July 2017, which impacted "View As." The attackers not only needed to find this vulnerability and use it to get an access token, they then had to pivot from that account to others to steal more tokens. There's no need for anyone to change their passwords. But people who are having trouble logging back into Facebook -- for example because they’ve forgotten their password -- should visit our Help Center.
     
    DejaWiz likes this.
  2. HorseproofBacon

    HorseproofBacon Limp Gawd

    Messages:
    277
    Joined:
    Nov 22, 2016
    Was wondering why I got logged out twice today. Changed password anyway, even though they said there was no need.
     
    steakman1971 and AceGoober like this.
  3. clockdogg

    clockdogg Gawd

    Messages:
    688
    Joined:
    Dec 12, 2007
    So....Facebook's security team working diligently since July 2017. Nothing to worry about then.
     
    AceGoober and cageymaru like this.
  4. Gweenz

    Gweenz [H]ard|Gawd

    Messages:
    1,204
    Joined:
    Dec 18, 2003
    This is one of the most powerful companies on earth, folks.
     
    AceGoober likes this.
  5. LostMF1

    LostMF1 n00bie

    Messages:
    30
    Joined:
    Sep 20, 2018
  6. LigTasm

    LigTasm [H]ardness Supreme

    Messages:
    5,497
    Joined:
    Jul 29, 2011
    So is Facebook pretending security matters while selling your data on the side? Are they just upset over the lost profits?
     
    mashie, qb4ever, steakman1971 and 2 others like this.
  7. Krenum

    Krenum [H]ardForum Junkie

    Messages:
    14,413
    Joined:
    Apr 29, 2005
  8. gxp500

    gxp500 Gawd

    Messages:
    797
    Joined:
    Mar 4, 2015
    The programmers are only human... give them a break! Everyone makes mistakes...
     
  9. Kwaz

    Kwaz Whine & Cheezy

    Messages:
    3,487
    Joined:
    Sep 3, 2014
     
    LostMF1 likes this.
  10. Dead Parrot

    Dead Parrot 2[H]4U

    Messages:
    2,152
    Joined:
    Mar 4, 2013
    With any luck, mine gets stolen and I won't have to go through the lost password process to kill the damn thing. Haven't used it in so long, no clue what the password is.
     
  11. Zepher

    Zepher [H]ipster Replacement

    Messages:
    16,674
    Joined:
    Sep 29, 2001
    There was a digital token exploit a few years back. I can't remember what program I used, but if you went to an open wifi, like a hotel, the program could grab tokens from people that were browsing Facebook.
    Once you had the token, you were basically in that person's account, could post, add/remove friends, etc.
     
  12. Gweenz

    Gweenz [H]ard|Gawd

    Messages:
    1,204
    Joined:
    Dec 18, 2003
    I cannot, because the stakes are too high. These companies have way too much power for the "benefit" they give to society. If they were curing cancer, I would accept mistakes. They're just making the world dumber.
     
    JStamsek likes this.
  13. JStamsek

    JStamsek Douche Canoe

    Messages:
    8,966
    Joined:
    Mar 24, 2016
    Have you ever been a victim of identity theft?
     
  14. Zepher

    Zepher [H]ipster Replacement

    Messages:
    16,674
    Joined:
    Sep 29, 2001
  15. ol1bit

    ol1bit [H]ard|Gawd

    Messages:
    1,225
    Joined:
    Jan 15, 2007
    All Facebook is anymore is a political vent application. I do use it to argue with people though. sigh...
     
  16. Bobert

    Bobert Limp Gawd

    Messages:
    175
    Joined:
    May 22, 2011
    Mark cares about your privacy

     
  17. mullet

    mullet [H]ard|Gawd

    Messages:
    1,558
    Joined:
    Aug 19, 2004
    You mean bookface SOLD 90 million accounts of data.
     
  18. Spidey329

    Spidey329 [H]ardForum Junkie

    Messages:
    8,949
    Joined:
    Dec 15, 2003
    It's ok, I have 2FA .... Err, wait.

    Facebook is on a roll lately.
     
  19. Krenum

    Krenum [H]ardForum Junkie

    Messages:
    14,413
    Joined:
    Apr 29, 2005
    lol same here. I hope they find my nudie pics! :cautious::shifty: