Facebook Vulnerability Let Attackers Breach up to 50 Million Accounts
Facebook announced Friday that upwards of 50 millions users were affected by a vulnerability that allowed hackers to access their accounts via “access tokens”.
The vulnerability involved manipulating three different software flaws that allowed attackers to steal “access tokens” which allow people to normally log back into the network automatically without needing to enter their passwords. The bugs in question were created in July 2017 after an update to the video uploading feature.
The tokens gave attackers complete access to accounts, but as far as Facebook is aware the only information they were after were names, genders, and home towns. It is currently unknown to Facebook as to why they wanted this information, or if any posts or messages were affected by the breach. Though they did mention that passwords should be safe.
According to executives, while it’s not currently known if third party apps have been affected, attackers would have had control over Instagram but not WhatsApp.
Mark Zuckerberg stated that engineers had already patched the bugs causing the issue Thursday night, and that they have temporarily disabled the “view as” feature as well as logging all users out of their accounts.
Zuckerberg made the following statement on his own Facebook page
“We face constant attacks from people who want to take over accounts or steal information around the world, while I’m glad we found this, fixed the vulnerability, and secured the accounts that may be at risk, the reality is we need to continue developing new tools to prevent this from happening in the first place.”
The breach is the latest in a string of data privacy concerns following the Cambridge Analytica scandal that rocked the platform earlier this year.
Mark Warner, a US Senator from Virginia was quick to use the breach as an example of the privacy concerns of companies like Equifax and Facebook inadequately protecting the vast amounts of information they gather on people.
Mark Warner, Virginian Senator and critic of Fac made the following statement in regards to the breach
“This is another sobering indicator that Congress needs to step up and take action to protect the privacy and security of social media users, as I’ve said before — the era of the Wild West in social media is over.”
Guy Rosen, vice president of product management for Facebook commented saying that “People’s privacy and security is incredibly important , and we’re sorry this happened”