'Facebook hacked: Social media giant admits security breach affecting 50 million accounts' diff viewer (1/2)

This article is from the source 'rtcom' and was first published or seen on September 28, 2018 16:54 (UTC). It last changed over 40 days ago and won't be checked again for changes.

You can find the current article at its original source at https://www.rt.com/usa/439861-facebook-admits-security-breach-affected/

The article has changed 3 times. There is an RSS feed of changes available.

Previous version 1 2 Next version

Version 1	Version 2
Facebook hacked: Social media giant admits security breach affecting 50 million accounts	Facebook hacked: Social media giant admits security breach affecting 50 million accounts
2018-09-28 17:30:07 UTC	2018-09-28 18:45:08 UTC (about 1 hour later)
Facebook has ~~admitted~~ ~~having~~ a “security ~~issue”~~ ~~with~~ ~~nearly~~ 50 million accounts ~~which~~ ~~had~~ ~~their~~ ~~“access~~ ~~tokens”~~ ~~compromised.~~ ~~The~~ ~~social~~ ~~media~~ ~~giant~~ ~~has~~ ~~reset~~ ~~tokens~~ ~~for~~ ~~another~~ 40 ~~million~~ ~~accounts~~ as a ~~“precaution.”~~	Facebook has apologized for a “security issue,” after discovering that hackers used a vulnerability in the platform’s code to steal other users’ ‘access tokens’ and log into their accounts. 50 million accounts were affected.
~~The~~ ~~issue~~ ~~affected~~ ~~nearly~~ 50 ~~million~~ ~~accounts,~~ which ~~would~~ ~~require~~ ~~users~~ to ~~re-enter~~ their ~~passwords. The~~ ~~security~~ ~~issue~~ ~~was~~ ~~discovered~~ by ~~the~~ ~~company’s~~ ~~engineers~~ on ~~Tuesday.~~ ~~Hackers~~ ~~have~~ ~~been~~ ~~apparently~~ ~~able~~ to ~~fetch~~ ~~the~~ ~~so-called~~ ~~“access~~ ~~tokens”~~ – digital ~~keys,~~ ~~which~~ allow a user to stay logged into ~~Facebook~~ ~~and~~ to ~~not~~ ~~re-enter~~ ~~their~~ ~~passwords~~ ~~each~~ ~~time~~ ~~they~~ ~~use~~ the ~~application.~~	In a statement released Friday, the company said that attackers could use Facebook’s “view as” tool - which lets a user see what their profile looks like to other users - to steal other users’ access tokens - digital keys that allow a user to stay logged into the social network without re-entering their password every time.
~~“Our~~ ~~investigation~~ is ~~still~~ in ~~its~~ ~~early~~ ~~stages.~~ ~~But~~ ~~it's~~ ~~clear~~ that ~~attackers~~ ~~exploited~~ a ~~vulnerability~~ in ~~Facebook's~~ ~~code~~ ~~that~~ ~~impacted~~ ~~"View~~ ~~As",~~ a ~~feature~~ ~~that~~ ~~lets~~ ~~people~~ ~~see~~ ~~what~~ ~~their~~ ~~own~~ ~~profile~~ ~~looks~~ ~~like~~ to ~~someone~~ ~~else,”~~ the ~~tech~~ ~~giant~~ ~~said~~ in a ~~statement.~~	The issue was discovered by Facebook engineers on Tuesday, and Facebook said on Friday that it’s fixed the vulnerability, reset 50 million affected users’ access tokens, and informed law enforcement. The company reset a further 40 million users’ tokens as a precaution, bringing the total number of accounts affected in some way to 90 million.
~~The~~ ~~vulnerability~~ ~~has~~ ~~been~~ ~~already~~ ~~fixed,~~ ~~according~~ to ~~Facebook,~~ ~~and~~ the ~~“View~~ ~~As”~~ ~~feature~~ ~~has~~ ~~been~~ ~~temporarily~~ ~~disabled.~~	“We have yet to determine whether these accounts were misuses or any information accessed,” read Facebook’s statement. “We also don’t know who’s behind these attacks or where they’re based,” the statement continued.
~~“This~~ ~~attack~~ ~~exploited~~ ~~the~~ ~~complex~~ ~~interaction~~ of ~~multiple~~ ~~issues~~ in ~~our~~ ~~code.~~ It ~~stemmed~~ ~~from~~ a ~~change~~ we ~~made~~ to ~~our~~ ~~video~~ ~~uploading~~ ~~feature~~ in ~~July~~ ~~2017,~~ ~~which~~ ~~impacted~~ ~~"View~~ ~~As."~~ ~~The~~ ~~attackers~~ ~~not~~ ~~only~~ ~~needed~~ to ~~find~~ ~~this~~ ~~vulnerability~~ ~~and~~ ~~use~~ it to ~~get~~ an ~~access~~ ~~token,~~ ~~they~~ ~~then~~ had to ~~pivot~~ ~~from~~ ~~that~~ ~~account~~ to ~~others~~ to ~~steal~~ ~~more~~ ~~tokens,”~~ ~~Facebook~~ ~~stated.~~	The company then repeated a phrase it’s used repeatedly in 2018: “we’re sorry.” Facebook’s year of apologizing began in March when it was revealed that some 90 million users had their private data - including their personal messages - leaked to political research firm Cambridge Analytica.
~~Damage~~ ~~done~~ by the ~~attack~~ is ~~yet~~ to be ~~evaluated,~~ it ~~remains~~ ~~unclear~~ ~~whether~~ ~~the~~ ~~affected~~ ~~accounts~~ ~~“were~~ ~~misused~~ or ~~any~~ ~~information~~ ~~accessed.”~~ ~~Source~~ of the ~~attack~~ and ~~who~~ ~~was~~ ~~behind~~ it ~~also~~ ~~remain~~ ~~unidentified,~~ ~~according~~ to ~~Facebook.~~	From there, the company has been rocked by scandal after scandal, including multiple accusations of privacy infringement and politically-motivated censorship, and CEO Mark Zuckerberg found himself hauled in front of Congress in the US and the European Parliament in Brussels to assure lawmakers that his company takes privacy seriously.
	READ MORE: Facebook using phone numbers submitted for security purposes to target ads
	Facebook’s latest privacy breach comes only one day after the social media behemoth confirmed that it uses phone numbers - provided by users for authentication and security purposes - to target advertisements.
	The company admitted that it shares “shadow contact” information, such as a phone number provided to Facebook for security reasons but not publicly displayed on a user’s page, or phone numbers of users’ friends, to advertisers. One year beforehand, Facebook denied this practice.
	Luckily for Facebook, the news broke when America was glued to Supreme Court nominee Brett Kavanaugh’s confirmation debacle.
	Think your friends would be interested? Share this story!

Previous version 1 2 Next version