Facebook was hit by an attack exploiting a zero-day vulnerability that allowed hackers to steal secret access tokens from more than 50 million accounts.
The vulnerability was found in the “View As” feature, which allows users to view their own profile from another person's perspective. Hackers found a way to make this feature expose secret access tokens that could be used to gain access to other accounts.
These secret access tokens are similar to digital keys that keep people logged into their social media accounts so they don’t need to re-enter their password each time they use the app.
“We’re taking this incredibly seriously and wanted to let everyone know what’s happened and the immediate action we’ve taken to protect people’s security,”
Facebook took the initiative to reset access tokens for all 50 million affected accounts as well as an additional 40 million to ensure security measures were in place.
“As a result, around 90 million people will now have to log back in to Facebook, or any of their apps that use Facebook Login. After they have logged back in, people will get a notification at the top of their News Feed explaining what happened.”
Facebook temporarily disabled the “View As” feature and notified law enforcement officials of the security breach. Facebook is still investigating the details of the breach, as it is unsure whether any other information was accessed and whether the attackers will misuse the stolen access tokens.