tech2 News Staff Sep 29, 2018 09:33 AM IST
It would seem that the heat around Facebook has barely died after the massive Cambridge Analytica breach, but it looks like the social media giant has today dropped yet another bombshell on users. Facebook, in a post late on 28 September, said that hackers had exposed personal information of nearly 50 million users.
As per Facebook CEO Mark Zuckerberg's post, the attacker or attackers had "exploited a technical vulnerability to steal access tokens that would allow them to log into about 50 million people's accounts on Facebook." The technical vulnerability in question is the "View As" feature which is a privacy tool to let you see how your own profile would look to other people.
Facebook said in its blog that it has as of yet not confirmed if this user information has been misused as of now or not. Now Facebook has taken security measures to limit the damage this breach has caused.
It has an issued a patch to resolve this vulnerability so that hackers are not able to exploit it further. As of right now, the "View Has" feature has been disabled and Facebook has logged out the 50 million users who have been exposed. If these users are to log in again then they will be notified on their Facebook wall about this breach.
As a matter of fact, Facebook is logging out everyone who has used this "View As" feature, which adds 40 million people more to the 50 million already logged out of Facebook. The social media giant has also informed law enforcement officials about the breach.
So how exactly did the breach come to be? The specific View As feature which enables people to wish their friends a happy birthday incorrectly provided an opportunity to post a video.
The video, in turn, caused the version of Facebook's video uploader introduced in July 2017, to incorrectly generate a token giving permissions to the users Facebook mobile app.
When the video uploader appeared as part of View As, it generated the access token not for you as the viewer, but for the user that you were looking up.
Is it now finally time to #DeleteFacebook? How many more security breaches will it take to show that Facebook just can't keep your user information private? Have your say in the comments.