Today, Facebook is the biggest social network in the world. It stores many personal datas, so it’s popular target for hackers. I’m personally registered on Facebook, because “everyone is on Facebook”, but I don’t like this social network, because of (mostly) privacy and security issues. I prefer to use Telegram, but how to persuade all my contacts to move to Telegram? Impossible. And now, Facebook is experiencing another security issue.
Facebook announced, that its engineers discovered an vulnerability in code exploited by hackers. Attackers have stolen access tokens for about 50 million accounts. The access tokens are digital keys that allow people to stay logged in to Facebook.
Hackers abused security of “View As” code. This “View As” mode allows you to check how your profile is shown to someone else. Facebook said, the the vulnerability was patched and authorities has been informed. Also, nearly 50 million accounts got reseted access tokens along with another 40 millions accounts that have been subject to a “View As” lookup in the last year.
If you are the affected one, you were logged out from Facebook’s apps. You need to re-login again and after it, you will be informed about what has happened. While Facebook is investigating this issue, the “View As” feature is turned off.
As Facebook said, there is no need to change your password. It also said that security and privacy is for Facebook incredibly important, but it’s a little paradox, because a day before Facebook was found to be using phone numbers (provided by users for 2-factor authentication) for ad targeting purposes and to create shadow contacts.