Facebook has just announced that some 50 million accounts on the platform were hacked. The social media firm’s vice president of product management, Guy Rosen, took to the company’s newsroom website, stating that Facebook’s engineering team found an anomaly on September 25 that affected around 50 million accounts and that the investigation is still in its early stages.
Rosen says that hackers used Facebook’s ‘View As’ feature to steal Facebook access tokens, which could be used to take over the accounts of others. For those unaware, the ‘View As’ feature shows up when you edit your account details or the profile picture. It lets you view your own account as someone else would see it. As the firm explains, access tokens are ‘digital keys’ that keep users logged in to Facebook so they don’t have to enter their passwords every time they visit the site.
“This attack exploited the complex interaction of multiple issues in our code. It stemmed from a change we made to our video uploading feature in July 2017, which impacted “View As.” The attackers not only needed to find this vulnerability and use it to get an access token, they then had to pivot from that account to others to steal more tokens,” added Rosen in the post.
The firm has not yet determined who is behind the hack or whether the information they accessed has been misused anywhere online.
For now, Facebook has taken three steps to temporarily curb the vulnerability on the website. It has:
Facebook has been going through tough times lately because of the whole Cambridge Analytica fiasco, and the aforementioned breach may only add fuel to the fire. If your account is hacked or you see any kind of anomaly, you can visit Facebook’s Help Centre page. The company says that there is no need to change your account password.