Personal data of about 50 million users of Facebook have been hacked according to the largest social media platform of the world. Facebook said that the account of even its founder and CEO Mark Zuckerberg’s account was also compromised.
According to information released by Facebook, hackers managed to get access to the personal data of its users and their accounts by using three distinct bugs embedded in Facebook’s code. The hackers used them to steal digital keys which are technically known as “access tokens.”
Facebook says that the loophole has been fixed by it. .
The social media firm further said that there is no need for users to change the passwords for their accounts.
There is however no information about the individual or group who was behind this act.
Zuckerberg in a call with reporters, said that though there is a slight chance that the hackers could have peeped into the private messages or posts of users, but the company had found no evidence of any such activity.
“We do not yet know if any of the accounts were actually misused,” Zuckerberg said.
The current year has a tumultuous year for Facebook in terms of security and privacy issues. But despite the setbacks, the user base of the company has not been affected to any significant degree. The company has over 2 billion users globally.
The hackers reportedly made use of a vulnerability in the “View As” feature of the social media app. This is a tab that allows users to view their profile as it would appear to others. The hackers reportedly took advantage of that vulnerability and accessed tokens from the accounts of users whose profiles emerged during searches with the use of the “View As” feature. The hackers then also moved onto the friend list and accounts of the friends on the list in a similar manner. The accounts were under the control of the hackers because they possessed those tokens.
According to Guy Rosen, Facebook’s vice-president of product management, one of the bugs had been present in the system for over a year and it imp[acted the manner in which the “View As” feature interacted with the video uploading feature on the platform for posting “happy birthday” messages. But the matter came to the notice of Facebook only this September after an increase in indications of unusual activities and Rosen said that the company became aware of the hacking only this week.
“We haven’t yet been able to determine if there was specific targeting” of particular accounts, Rosen said in a call with reporters. “It does seem broad. And we don’t yet know who was behind these attacks and where they might be based.”
Rosen further said that the passwords and credit card data were still intact. the FBI and regulators in the United States and Europe have been alerted by the company, he informed.
But according to Jake Williams, a security expert at Rendition Infosec, there is a possibility that third party apps could have been affected by the hack. He said that users are able to use their login feature of Facebook to get into other apps and websites through their Facebook credentials. “These access tokens that were stolen show when a user is logged into Facebook and that may be enough to access a user’s account on a third party site,” he said.
(Source:www.livemint.com)
According to information released by Facebook, hackers managed to get access to the personal data of its users and their accounts by using three distinct bugs embedded in Facebook’s code. The hackers used them to steal digital keys which are technically known as “access tokens.”
Facebook says that the loophole has been fixed by it. .
The social media firm further said that there is no need for users to change the passwords for their accounts.
There is however no information about the individual or group who was behind this act.
Zuckerberg in a call with reporters, said that though there is a slight chance that the hackers could have peeped into the private messages or posts of users, but the company had found no evidence of any such activity.
“We do not yet know if any of the accounts were actually misused,” Zuckerberg said.
The current year has a tumultuous year for Facebook in terms of security and privacy issues. But despite the setbacks, the user base of the company has not been affected to any significant degree. The company has over 2 billion users globally.
The hackers reportedly made use of a vulnerability in the “View As” feature of the social media app. This is a tab that allows users to view their profile as it would appear to others. The hackers reportedly took advantage of that vulnerability and accessed tokens from the accounts of users whose profiles emerged during searches with the use of the “View As” feature. The hackers then also moved onto the friend list and accounts of the friends on the list in a similar manner. The accounts were under the control of the hackers because they possessed those tokens.
According to Guy Rosen, Facebook’s vice-president of product management, one of the bugs had been present in the system for over a year and it imp[acted the manner in which the “View As” feature interacted with the video uploading feature on the platform for posting “happy birthday” messages. But the matter came to the notice of Facebook only this September after an increase in indications of unusual activities and Rosen said that the company became aware of the hacking only this week.
“We haven’t yet been able to determine if there was specific targeting” of particular accounts, Rosen said in a call with reporters. “It does seem broad. And we don’t yet know who was behind these attacks and where they might be based.”
Rosen further said that the passwords and credit card data were still intact. the FBI and regulators in the United States and Europe have been alerted by the company, he informed.
But according to Jake Williams, a security expert at Rendition Infosec, there is a possibility that third party apps could have been affected by the hack. He said that users are able to use their login feature of Facebook to get into other apps and websites through their Facebook credentials. “These access tokens that were stolen show when a user is logged into Facebook and that may be enough to access a user’s account on a third party site,” he said.
(Source:www.livemint.com)