Hackers attack Facebook, 50 million accounts affected
A newly discovered security flaw has forced Facebook to disable a popular feature and force 90 million users to log in again.
 |
According toVerge, a security flaw that allowed hackers to access users' Facebook accounts by harvesting their security tokens. The flaw affected 50 million people, and Facebook said it was forced to force 90 million user accounts to completely log back in today to be safe. The remaining 40 million people were at risk, so the company included them in this list.
According to a Facebook representative, the problem has been temporarily fixed and the company has also notified law enforcement agencies in the US. This is not a normal random technical error, but engineers have detected traces of a targeted exploit and used by some organizations or third-party hackers. The company first became aware of the problem on September 25, but Guy Rosen, Facebook's vice president of product management, said it is not clear whether any accounts were actually compromised.
This is also the reason why many Facebook users in the country and around the world were kicked out of Facebook and Messenger yesterday afternoon. On September 28, many members shared on Facebook their uncomfortable feeling of being "forced" to log out of their accounts while browsing information or chatting with friends. "Something seems to have happened today that Vietnamese Facebook accounts were forced to log out en masse," one user wondered.
"On Tuesday, we discovered that an attacker exploited a technical vulnerability to steal access tokens that would have allowed them to log into about 50 million people's accounts on Facebook," CEO Mark Zuckerberg wrote in a post on his personal page. "We don't yet know if these accounts were compromised, but we're continuing to look into it and will update you as soon as we have more information."
The vulnerability stems from Facebook’s View As feature. Normally, it allows account owners to see which person or group of people can see what content on their personal page. However, the vulnerability turns this feature into a tool for hackers to log into users’ accounts through a digital token without having to use a password.
In addition to forcing 90 million people to log in again, Facebook said it would temporarily disable the View As feature until the security review is complete. Facebook has not issued any specific warning to users about changing their passwords.
After the scandal of leaking and buying information of 87 million users earlier this year, this could be the second big trouble to come to Facebook in 2018. The incident happened just a month after the company's former Chief Security Officer (CSO), Alex Stamos, left the company. Facebook later said that it was not in a hurry to hire a new CSO but would restructure its security department first.
