Facebook hacked: attention, change your password

Unusually high traffic to the site warned Facebook technicians that something might be wrong. After investigating this increased activity, they discovered a huge security breach on the largest social network.

Facebook confirmed this earlier today in a press release. The company reported that hackers managed to steal tokens from about 50 million users.

The tokens are alphanumeric codes generated when a user logs in, and they are stored simultaneously in the user's browser and on Facebook's servers. They allow users to access Facebook without having to log in on each visit. Access tokens are controlled by Facebook's servers.

Facebook said earlier today that hackers were able to obtain access tokens for 50 million users by taking advantage of a vulnerability in "View As", a feature in every Facebook user's profile that lets you see what your account looks like to another user.

According to Facebook technicians, the social network made a code change to the "View As" feature in July 2017. The was first held on September 16. September 16 is the day Facebook believes hackers began exploiting this flaw en masse to gain access to the "View As" feature and obtain the access tokens of the company's users.

The collection of access tokens caused massive traffic on Facebook's servers. Beyond the traffic, Facebook engineers realized what was happening on September 26. They began to investigate on September 27 and announced their findings this morning.

Facebook held a conference call with journalists this morning and answered general questions. Nathaniel Gleicher, head of security policy, and Guy Rosen reported that the View As vulnerability was actually a combination of three bugs.

"The vulnerability we fixed was the result of three separate bugs and was notified in July 2017"

"The first mistake was when you used the View As product, the video uploader should not appear at all, but in a very specific case, in posts that encouraged people to wish Happy Birthday, it appeared.

Now, the second error was that this video uploader misused SSO to create an access token that gave rights to the Facebook mobile app. This was not, of course, the way SSO was intended to be used.

The third problem was that when the video uploader had previously appeared as View As, something that did not, except in the case of the first bug, then create access, which again should not be granted. The second error created the access ID not for you as a viewer, but for some other user.

"This is the combination of these three errors that created a vulnerability," Rosen said. "This vulnerability was discovered by hackers and they used it to obtain access IDs. Then, each time they had an access ID, they used it and received more tokens from the user's friends who had accessed his account.
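The three bugs described in the call can be modelled as a short chain in which each one only matters because of the others. The following is an added, simplified illustration and not Facebook's code: `RenderContext`, `render_post`, the scope strings and the `hardened` branch are all assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Optional
import secrets


@dataclass(frozen=True)
class RenderContext:
    session_user: str               # the account that is really authenticated
    view_as: Optional[str] = None   # account whose perspective is simulated

    @property
    def effective_user(self) -> str:
        # Identity the page is rendered *as*; must never drive authorization.
        return self.view_as or self.session_user


def should_show_uploader(ctx: RenderContext, post_kind: str, hardened: bool) -> bool:
    if ctx.view_as is None:
        return True
    if hardened:
        return False                 # never render the uploader in a simulated view
    return post_kind == "birthday"   # bug 1: one post type slipped through


def mint_token(user: str, scope: str) -> dict:
    return {"user": user, "scope": scope, "value": secrets.token_hex(16)}


def uploader_token(ctx: RenderContext, hardened: bool) -> dict:
    if hardened:
        # Defence in depth: refuse even if the uploader is rendered by mistake,
        # bind the token to the real session and keep the scope narrow.
        if ctx.view_as is not None:
            raise PermissionError("no token issuance inside a simulated view")
        return mint_token(ctx.session_user, "video_upload")
    # bug 2: scope carries mobile-app rights instead of upload-only rights
    # bug 3: identity comes from the simulated user, not the viewer
    return mint_token(ctx.effective_user, "mobile_app")


def render_post(ctx: RenderContext, post_kind: str, hardened: bool = False):
    """Return the token embedded in the rendered post, or None if there is none."""
    if not should_show_uploader(ctx, post_kind, hardened):
        return None
    return uploader_token(ctx, hardened)


if __name__ == "__main__":
    ctx = RenderContext(session_user="alice", view_as="bob")  # constructed accounts
    print("flawed:  ", render_post(ctx, "birthday"))
    print("hardened:", render_post(ctx, "birthday", hardened=True))
```

In the hardened path, fixing any single check is enough to break the chain, which is why the token issuer validates the session itself instead of trusting the rendering layer.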

Of course, after all of the above, you should not wait. Sign in to your account and check Security and Login. The page will show you all the devices that are connected to your account, along with their geographic location. Disconnect any you don't recognize and change your password as well.

Written by giorgos