Facebook hacked: attention, change your password

Unusually high traffic to the site warned Facebook technicians that something might be wrong. After investigating this increased activity, they discovered a huge security breach on the largest social network.

Facebook confirmed the breach earlier today in a press release. The company reported that the hackers managed to steal tokens from around 50 million users.

Access tokens are alphanumeric codes that are created when a user logs in and are stored both in the user's browser and on Facebook's servers. They allow users to access Facebook without having to log in on each visit. The access token is controlled by Facebook's servers.

Facebook said earlier today that hackers managed to obtain access tokens for 50 million users by exploiting a flaw in "View As", a feature that exists on every Facebook user's profile and lets you see how your account looks from another user's point of view.

According to Facebook technicians, the social network made a code change to the "View As" feature in July 2017. The exploit took place for the first time on September 16, the day Facebook believes hackers began to exploit this flaw en masse through the "View As" feature to obtain access tokens for the company's users.

The collection of access tokens caused massive traffic on Facebook's servers. Looking past the traffic itself, Facebook engineers realized what was happening on September 26. They began to investigate on September 27, and they announced their findings this morning.

Facebook held a call with journalists this morning and answered general questions. Nathaniel Gleicher, head of security policy, and Guy Rosen reported that the View As vulnerability was actually a combination of three bugs.

"The vulnerability we fixed was the result of three separate bugs and was notified in July 2017"

"The first mistake was when you used the View As product, the video uploader should not appear at all, but in a very specific case, in posts that encouraged people to wish Happy Birthday, it appeared.

Now, the second error was that this video uploader misused SSO to create an access token that gave rights to the Facebook mobile app. This was not, of course, the way SSO was intended to be used.

The third problem was that when the video uploader appeared as part of View As, something it did not do except in the case of the first bug, it then created access, which again should not be granted. The second error created the access ID not for you as a viewer, but for some other user.

"This is the combination of these three errors that created a vulnerability," Rosen said. "This vulnerability was discovered by hackers and they used it to obtain access IDs. Then, each time they had an access ID, they used it and received more tokens from the user's friends who had accessed his account."
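The identity mix-up Rosen describes, a token created for another user rather than for the viewer, can be shown in a simplified model. This is an added example, not Facebook's code; `RenderContext`, `issue_token_buggy`, `issue_token_fixed` and the in-memory `TOKENS` store are hypothetical names.

```python
import secrets
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class RenderContext:
    session_user: str               # user authenticated by the session (hypothetical field)
    view_as: Optional[str] = None   # set only while previewing in "View As" mode

    @property
    def displayed_as(self) -> str:
        # Identity the page is rendered for; differs from session_user in View As.
        return self.view_as or self.session_user


TOKENS = {}  # token -> user it authorizes (stand-in for a server-side token store)


def _mint(user: str) -> str:
    token = secrets.token_urlsafe(16)
    TOKENS[token] = user
    return token


def issue_token_buggy(ctx: RenderContext) -> str:
    # Flawed: binds the token to the identity being displayed, so a View As
    # preview yields a token for a user who never authenticated.
    return _mint(ctx.displayed_as)


def issue_token_fixed(ctx: RenderContext) -> str:
    # Hardened: a read-only preview never mints credentials, and outside of
    # previews the token subject is always the authenticated session user.
    if ctx.view_as is not None:
        raise PermissionError("token issuance is disabled in View As mode")
    return _mint(ctx.session_user)


if __name__ == "__main__":
    preview = RenderContext(session_user="alice", view_as="bob")  # constructed sample
    print("buggy token belongs to:", TOKENS[issue_token_buggy(preview)])
    try:
        issue_token_fixed(preview)
    except PermissionError as exc:
        print("fixed path refused:", exc)
```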

Of course, after all of the above, you should not wait. Sign in to your account and check Security and Login. The page will show you all the devices that are connected to your account, along with their geographic location. Disconnect any you don't know and change your password as well.

Written by giorgos
