Facebook security alert: 50 million accounts may have been hacked

Facebook security alert for 50 million users

On Sept 25, 2018, Facebook engineers discovered a vulnerability in their code that could allow around 50 million Facebook user accounts to be hacked.

The problem was found in the 'View As' feature, which lets you see how your profile looks to another user. A vulnerability in the code of this feature allowed an attacker to steal access tokens. An access token is a digital key that is generated when you log in to Facebook, and it is needed to use each and every feature of Facebook. Anyone who knows your access token can access your Facebook account.

Facebook has already fixed the issue. It reset the access tokens of the 50 million users who were affected. As a precaution, it also reset the tokens of another 40 million users who had used the 'View As' feature. Because their tokens have changed, these users need to log in again. Other users don't need to log in again. Users can change their password if they want, but it is not necessary.

Facebook has also temporarily turned off this feature until it reaches a final conclusion.

The problem arose from a change to the video upload feature launched in July 2017. Facebook is still uncertain who is behind the attack. It is still investigating and will post details later if it finds them.

This vulnerability was caused by the interaction of three major bugs:

  1. 'View As' is a privacy feature and should have a read-only interface, but it gave the opportunity to post a video.
  2. The new version of the video uploader generated an access token that had the permissions of the Facebook mobile app.
  3. When the video uploader appeared as part of 'View As', it generated the access token not for you as the viewer, but for the user that you were looking up. That access token was then available in the HTML of the page, which the attackers were able to extract and exploit to log in as another user.
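
The interaction of the three bugs above, as a minimal added model (not Facebook's code; `Ctx`, `Token`, the scope names and the users alice and bob are constructed for illustration). The hardened version refuses to render the uploader in the read-only preview, binds the token to the session user, and keeps it out of the markup:

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Ctx:
    session_user: str   # account that actually authenticated
    rendered_as: str    # identity the page is being rendered for
    view_as: bool       # True inside the 'View As' preview

@dataclass(frozen=True)
class Token:
    owner: str
    scope: str

class Refused(Exception):
    """Raised when a component must not run in this context."""

def uploader_flawed(ctx: Ctx) -> tuple[str, Token]:
    # Bug 1: no check that the preview is read-only.
    # Bug 2: the scope is as broad as the mobile app's.
    # Bug 3: the owner is the rendered identity, not the session user.
    tok = Token(owner=ctx.rendered_as, scope="mobile_app")
    return f'<div data-token="{tok.owner}|{tok.scope}"></div>', tok

def uploader_hardened(ctx: Ctx) -> tuple[str, Token]:
    if ctx.view_as:
        raise Refused("View As is read-only: no uploader, no token")
    # Always bind to the authenticated session, with the narrowest scope.
    tok = Token(owner=ctx.session_user, scope="video_upload")
    return "<div></div>", tok  # token is not written into the markup

def token_matches_session(ctx: Ctx, tok: Token) -> bool:
    # Invariant worth asserting (and alerting on) at issuance time.
    return tok.owner == ctx.session_user

def demo() -> dict:
    preview = Ctx(session_user="alice", rendered_as="bob", view_as=True)
    normal = Ctx(session_user="alice", rendered_as="alice", view_as=False)
    html, bad = uploader_flawed(preview)
    try:
        uploader_hardened(preview)
        refused = False
    except Refused:
        refused = True
    _, good = uploader_hardened(normal)
    return {"flawed_owner": bad.owner, "leaked": "bob" in html,
            "flawed_ok": token_matches_session(preview, bad),
            "refused": refused, "good_ok": token_matches_session(normal, good)}

if __name__ == "__main__":
    print(demo())
```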

An official video from Guy Rosen, VP of Product Management at Facebook, has been published as follows:
