On Tuesday, 25 September Facebook was dealt its most massive security breach that sent shockwaves worldwide. 50 million of its users’ accounts had been left compromised, including that of its CEO Mark Zuckerberg and its COO Sheryl Sandberg via a major hack through a weakness in its “View As” feature that is part of the Facebook profile page with another 40 million accounts suspected to have been susceptible to the same security breach.
This latest security breach is by far the most widespread and most damaging as it enabled attackers to directly take over the control of the user’s Facebook account and left the users’ personal information exposed. The social media giant had been prompted to the breach by a sudden suspicious surge in user log-in on Sunday, 16 September. 9 days later on Tuesday, 25 September, its engineers discovered the largest security breach in the company’s history.Facebook said that the hack allowed the attacker to see everything in the account that had been hacked but was not sure if it included private messages.
Hackers preyed upon the vulnerability of the “View As” feature that is available on the account user’s profile page. This feature allowed users to view their profile page the same way that others would be able to look at it. Through its investigations, Facebook engineers found out that hackers exploited a series of bugs related to the “View As” feature to generate access tokens. This was a tool that enabled hackers to stay logged in without having to key in the required password every time they wanted to access the Facebook accounts. In fact, Guy Rosen, Vice-President of Product Management at Facebook confirmed that the shocking discovery of the breach also included other applications and sites that users had accessed using their Facebook accounts, making this latest security threat the most widespread Facebook had ever encountered. So dire was the security problem that it was said that the giant company had initially blocked the breaking stories about the major breach. Facebook, however claims that it was done accidentally through the system branding the news as spam.
Read the full article https://theindependent.sg/90-million-users-affected-by-latest-facebook-security-breach/