The hack is the latest setback for Facebook during a year of tumult for the global social media service.

The security flaw could have allowed 50 million accounts to be taken over by hackers.

In a blog post, the company says hackers exploited a bug that affected its “View As” feature, which lets people see what their profiles look like to someone else. That would let attackers steal the “access tokens” Facebook uses to keep people logged in. Possession of those tokens would allow attackers to “seize control” of user accounts, Facebook said.

“It’s clear that attackers exploited a vulnerability in Facebook’s code,” vice president of product management Guy Rosen said in a blog post.

“We’ve fixed the vulnerability and informed law enforcement.”

To deal with the issue, Facebook reset some logins, so 90 million people have been logged out and will have to log in again. That includes anyone who has been subject to a “View As” lookup in the past year.

Facebook says it does not know who is behind the attacks or where they’re based. In a call with reporters on Friday, CEO Mark Zuckerberg said that the company doesn’t know yet if any of the accounts that were hacked were misused.