What could be worse than a million Facebook accounts hacked? 50 million Facebook accounts hacked
The social media giant issued a press release last Friday morning detailing a potentially damaging situation for the billions of people who use Facebook on a daily basis: their accounts could have been hacked. At least 50 million users are reported to have been directly affected, according to ethical hacking specialists from the International Institute of Cyber Security.
The security notice posted by Facebook is short on details, but the little it reveals is extremely disturbing.
“During the afternoon of Tuesday, September 25th, our ethical hacking team discovered a security problem that affects almost 50 million accounts”, the statement claims. “It is clear that the attackers exploited a vulnerability in the Facebook code that impacted on ‘view as’, a feature that allows people to view their own profile from the perspective of another user. This allowed them to steal Facebook access tokens that they could then use to intervene in the accounts of the affected users”.
That’s right: 50 million people are vulnerable to this attack. But of these 50 million users, how many times could this flaw have been exploited?
“50 million accounts were directly affected”, said Facebook’s VP of Product Management, Guy Rosen, in a call to the press on Friday morning, “and we know the vulnerability was used against them”.
“We saw that this attack was used on a fairly large scale”, Rosen added. “Attackers could use the affected accounts as if they were the owners”.
The Facebook press release does not go into further detail.
“Since we just started our research, we still have to determine whether these accounts were misused or if any information was accessed”, the statement continues. “We don’t know who’s behind these attacks either”.
Subsequently, Facebook claimed to have fixed the vulnerability. As a result of the maintenance, about 90 million people had to log back in to their Facebook accounts.
Facebook is working with security agencies and says that, for now, no action such as a password change is required; to be sure, however, users could log out of their accounts and log in again.
“If someone wants to take some precaution, we recommend visiting the ‘Security and login’ section in the Setup menu”, the security notice says. “This option lists the places where people log on to Facebook with a one-click option to disconnect from all”.
Thus, ethical hacking specialists recommend that you click on that link and log out of your account on all web pages and applications at once. After that, you may want to stop and think about whether it is worth logging back in to your social network accounts.
Working as a cyber security solutions architect, Alisa focuses on bug bounty and network security. Before joining us she held cyber security researcher positions at a variety of cyber security start-ups. She also has experience in different industry domains such as finance, healthcare and consumer products.