Facebook "View As" Hack Affects over 90 Million Accounts

cageymaru

[H]ard as it Gets
Joined
Apr 10, 2003
Messages
19,817
Facebook has acknowledged being hacked on Tuesday, September 25th and the security issue directly affected almost 50 million accounts and another 40 million indirectly. The "View As" feature that Facebook implemented in July 2017 is the source of the security issue. The "View As" feature allows users to see what their own profile looks like to someone else. Hackers used this to steal Facebook access tokens which they used to take over accounts belonging to other members of the service. Think of "access tokens" as "digital keys" that allow a person to remain logged into the service without having to re-enter their password when they use the app.

Law enforcement has been contacted and access to "View As" functionality has been disabled until a more secure implementation can be created. Those affected have been notified at the top of their Facebook News Feed and Facebook's security team is working diligently to find out who and from where the attack originated. If they find more affected accounts then they will reset the security tokens for those also. Thanks DejaWiz!

This attack exploited the complex interaction of multiple issues in our code. It stemmed from a change we made to our video uploading feature in July 2017, which impacted "View As." The attackers not only needed to find this vulnerability and use it to get an access token, they then had to pivot from that account to others to steal more tokens. There's no need for anyone to change their passwords. But people who are having trouble logging back into Facebook -- for example because they’ve forgotten their password -- should visit our Help Center.
 

Dead Parrot

2[H]4U
Joined
Mar 4, 2013
Messages
2,705
With any luck, mine gets stolen and I won't have to go through the lost password process to kill the damn thing. Haven't used it in so long, no clue what the password is.
 

Zepher

[H]ipster Replacement
Joined
Sep 29, 2001
Messages
17,188
There was a digital token exploit a few years back. I can't remember what program I used, but if you went to an open Wi-Fi, like a hotel, the program could grab tokens from people that were browsing Facebook.
Once you had the token, you were basically in that person's account, could post, add/remove friends, etc.
 

Gweenz

[H]ard|Gawd
Joined
Dec 18, 2003
Messages
1,216
The programmers are only human... give them a break! Everyone makes mistakes...
I cannot, because the stakes are too high. These companies have way too much power for the "benefit" they give to society. If they were curing cancer, I would accept mistakes. They're just making the world dumber.
 

ol1bit

[H]ard|Gawd
Joined
Jan 15, 2007
Messages
1,232
All Facebook is anymore is a political vent application. I do use it to argue with people though. sigh...
 

Krenum

[H]ardForum Junkie
Joined
Apr 29, 2005
Messages
15,823
With any luck, mine gets stolen and I won't have to go through the lost password process to kill the damn thing. Haven't used it in so long, no clue what the password is.
lol same here. I hope they find my nudie pics! :cautious::shifty:
 