Hackers exploit vulnerability in Facebook’s ‘View As’ feature to access 50 million user accounts.
In the mad rush to be the king of data collection and use, Facebook has had quite a few privacy slip-ups over the years. Perhaps that’s why the public response to today’s announcement of a 50-million-account data breach isn’t as shocking as it should be.
According to an official statement from Facebook, the breach affected those accounts and may have impacted another 40 million users. The vulnerability lies in the code and tokens behind the platform’s “View As” feature, which lets users sit back and admire their own pages in the way they appear to outsiders.
“Our investigation is still in its early stages. But it’s clear that attackers exploited a vulnerability in Facebook’s code that impacted ‘View As,’ a feature that lets people see what their own profile looks like to someone else. This allowed them to steal Facebook access tokens which they could then use to take over people’s accounts. Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app.”
Facebook has taken action
Facebook took the liberty of forcing a new login for the 50 million affected accounts. The social media platform also forced the re-login of another 40 million accounts that had used the View As feature in the impacted time period, just to be safe.
They’ve now shut down the View As feature until they can finish their investigation into what went so galactically wrong.
There are additional steps all users should take: first, change your Facebook password, even if you’re not sure you were impacted by this data breach.
Next, force close any apps that you sign in to through Facebook and revoke their permissions.
Finally, if you’re one of the far too many people who reuse a password on other accounts, change those passwords as well. Remember, old information can come back to haunt you; if hackers got your Facebook credentials and you’ve reused them on your email, PayPal, or online banking, they’ve got that access now as well.