A security flaw lying in the ‘View As’ feature on Facebook has caused massive panic amongst millions of users. Almost 50 million Facebook users have been affected by a security flaw that was discovered on September 25. The social media company did not reveal the details of what happened until today.
The ‘View As’ feature has been disabled temporarily after a security review by the company. Facebook revealed in a statement “This attack exploited the complex interaction of multiple issues in our code. It stemmed from a change we made to our video uploading feature in July 2017, which impacted “View As.” The attackers not only needed to find this vulnerability and use it to get an access token, they then had to pivot from that account to others to steal more tokens.”
Facebook offered their apologies and released an official statement that not only explains what the security flaw is all about; they also provided the technical details of the flaw. According to the social media giant, the flaw was located in the ‘View As’ feature that allowed users to see what their profile looks like to other people. Using an exploit, attackers could potentially steal Facebook access tokens and take over other people’s accounts. Digital keys are responsible for keeping people logged into Facebook, which prevents the need for a password every time a user opens up the official app.
The vulnerability has been patched, and law enforcement has been notified. Access tokens of all users who may have been affected are now reset. Access tokens of another 40 million users have also been reset. According to Facebook, anyone who has had their accounts looked up in the past year has been given an access token reset to minimize the odds of a security compromise. Users can also check for any suspicious activity on their accounts from their security settings.
What do you think about the security flaw found by the social media company? Let us know in the comments below. If you could share the article online, it would also be great so others can find it too. Come chat with us on Facebook and Twitter.