Data of 50 million Facebook users breached, and an additional 40 million users potentially affected.
Facebook has yet to determine what data has been compromised.
90 million Facebook users were automatically logged out.
Facebook has disclosed a security breach in which an unknown hacker exploited a zero-day vulnerability in its social media platform. Facebook doesn’t know who is behind the attack.
What is behind the Bug?
The bug allowed the attacker to steal secret access tokens for more than 50 million accounts. Facebook is temporarily turning off the “View As” feature for security purposes.
The secret access tokens are like digital keys that keep you logged in to Facebook, so you don’t need to type your password again while using an app.
Facebook’s investigation is still in its early stages. But it’s clear that attackers exploited a vulnerability in Facebook’s code that impacted “View As”, a feature that lets people see what their own profile looks like to someone else, according to Guy Rosen, VP of product management at Facebook. This allowed them to steal Facebook access tokens which they could then use to take over people’s accounts. Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app, he added.
Facebook has reset the access tokens of the almost 50 million accounts it knows were affected to protect their security. It is also taking the precautionary step of resetting access tokens for another 40 million accounts that have been subject to a “View As” look-up in the last year.
As a result, around 90 million people will now have to log back in to Facebook, or any of their apps that use Facebook Login. After they have logged back in, people will get a notification at the top of their News Feed explaining what happened.
Do I need to change my Facebook password?
No, you don’t need to change your password. But if you are still not able to log in to your Facebook account, contact its Help Center.
This is the first time that Facebook users’ accounts were compromised. Coming after the events of the Cambridge data leaks, this incident will again put Mark Zuckerberg under scrutiny.