Things don’t seem to be getting easier for Facebook anytime soon. A couple of months ago, the Mark Zuckerberg-led social media giant found itself in hot water over the Cambridge Analytica scandal, which involved the misuse of user data of as many as 50 Million Facebook users. Now the company has announced that it has discovered a security breach that affects almost 50 Million accounts. Again.
Facebook discovered a security issue this past Tuesday that affects almost 50 Million Facebook accounts. The social media giant said that attackers exploited a vulnerability in Facebook’s code that had an impact on the “View As” feature. In case you are unaware, the “View As” feature allows Facebook users to see what their profile looks like to others – this includes both their friends and non-friends.
This vulnerability allowed attackers to steal users’ access tokens, which they could then use to take over those users’ accounts. It is the result of three different bugs that exposed Facebook access tokens for people’s accounts in HTML when a “particular component” of the “View As” feature was rendered. Facebook has temporarily disabled the “View As” feature and has also said that the issue stemmed from a change it made to its video uploading feature in July last year.
That said, you don’t have to freak out, as Facebook has said that it has fixed this vulnerability. Furthermore, Facebook has reset the access tokens of the 50 Million accounts that were affected. In addition, Facebook is also resetting the access tokens of 40 Million accounts that have “been subject to a ‘View As’ look-up in the last year”.
“Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app.”
Because Facebook is resetting the access tokens of these 90 Million accounts, the users of those accounts will have to log in to the Facebook app (and apps that use Facebook login) again. Once they log in, they will get a notification at the top of their News Feed about this incident (see the image above).
“Since we’ve only just started our investigation, we have yet to determine whether these accounts were misused or any information accessed. We also don’t know who’s behind these attacks or where they’re based. We’re working hard to better understand these details — and we will update this post when we have more information, or if the facts change. In addition, if we find more affected accounts, we will immediately reset their access tokens.” said Guy Rosen, VP of Product Management, Facebook.
Those who are concerned about their Facebook accounts don’t need to change their account password, since the vulnerability exposed access tokens rather than passwords. However, to add an additional layer of security to your Facebook account, we strongly recommend enabling two-factor authentication. This way, even if someone has your Facebook account password, that person still won’t be able to access your account, as logging in will require the additional security code.