Facebook alerted users today that its engineering team on Tuesday had discovered a security issue affecting almost 50 million accounts. From Facebook's
official report
posted this morning: "Our investigation is still in its early stages.
But it's clear that attackers exploited a vulnerability in Facebook's
code that impacted 'View As', a feature that lets people see what their
own profile looks like to someone else. This allowed them to steal
Facebook access tokens which they could then use to take over people's
accounts. Access tokens are the equivalent of digital keys that keep
people logged in to Facebook so they don't need to re-enter their
password every time they use the app."
—
"This is a really serious security issue, and we’re
taking it very seriously," said Mark Zuckerberg told reporters. "We have
a major security effort at the company that hardens all our surfaces
and investigates issues like this. ... It definitely is an issue that
this happened in the first place. This underscores the attacks that our
platform and community face."
—
Impact on non-Facebook properties: "FB's press office
is no doubt being flooded now, but a key unanswered question is whether
this bug impacts non-facebook properties, since millions of site let
people log in with their FB accounts.
0 Comments