According to Facebook's announcement, the attackers exploited a security flaw in the code behind the "View As" function, a feature that lets a user see their own profile the way a visitor sees it. The flaw allowed the attackers to obtain access tokens, which they could then use to take full control of an account. Access tokens are a kind of "digital key" that a website issues so that its users do not have to re-enter their password on every visit.
After discovering the attack, Facebook reset the access tokens of the roughly 50 million accounts known to have been affected. As a precaution, it did the same for a further 40 million accounts that had used "View As" in the past year.
As a result, affected users will find themselves logged out of their accounts and will be notified of the incident as soon as they log back in. Facebook has also temporarily disabled the "View As" feature in order to carry out further security checks.
In its announcement, Facebook apologises to its users and says it has already begun an investigation into who is behind the attack, without yet having determined whether the affected accounts were misused. It also says it does not know whether user information was accessed maliciously, but that is certain, since the attackers had full access to those accounts.
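The mass token reset described above can be implemented server-side with a per-account "tokens issued before this time are invalid" watermark, so that stolen tokens stop working without touching every token individually. The following is an added illustration, not code from Facebook or from the announcement; the function names, the constructed secret and the 60-day lifetime are assumptions.

```python
import base64
import binascii
import hashlib
import hmac
import json

SECRET = b"constructed-server-secret"   # constructed for this example only
TOKEN_LIFETIME = 60 * 24 * 3600          # assumed 60-day lifetime in seconds

# Per-account watermark: any token issued before this timestamp is rejected.
revoked_before = {}


def issue_token(user_id, issued_at):
    """Mint a signed token carrying the user id and issue time."""
    payload = json.dumps({"uid": user_id, "iat": issued_at}).encode()
    sig = hmac.new(SECRET, payload, hashlib.sha256).hexdigest()
    return base64.urlsafe_b64encode(payload).decode() + "." + sig


def revoke_all_tokens(user_ids, now):
    """Invalidate every token issued to these accounts before `now`.

    This is the mass reset: the holder of an older token, legitimate or
    stolen, is forced to log in again and receives a fresh token."""
    for uid in user_ids:
        revoked_before[uid] = now


def validate_token(token, now):
    """Return the user id for a valid token, or None if it must be rejected."""
    try:
        b64, sig = token.split(".", 1)
        payload = base64.urlsafe_b64decode(b64)
    except (ValueError, binascii.Error):
        return None
    expected = hmac.new(SECRET, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        return None                      # forged or tampered token
    claims = json.loads(payload)
    if now - claims["iat"] > TOKEN_LIFETIME:
        return None                      # expired
    if claims["iat"] < revoked_before.get(claims["uid"], 0):
        return None                      # predates the reset: log in again
    return claims["uid"]
```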