Facebook, the world’s most-popular social media platform had its worst security breach till date this month. The breach could have given hackers access to around 50 million accounts, according to the company.
Facebook has reset the logins of the accounts suspected, along with 40 million more accounts as a precautionary measure. Facebook CEO and founder Mark Zuckerberg’s account was also in this list. This is why most users have been asked to re-login to their Facebook accounts on opening their Facebook app or on the web page.
The company is still investigating the damages done by the breach. Zuckerberg posted “We do not yet know whether these accounts were misused but we are continuing to look into this and will update when we learn more.”
The breach took place because of three vulnerabilities. It came into the team’s notice on September 16, and a probe resulted in the discovery of the attack on September 25. Hackers apparently have exploited the combination of the three vulnerabilities. The first being the video uploader not showing in ‘View As’ mode and video uploader incorrectly using the single sign-on functionally to generate an access token with the permissions of the Facebook mobile app. This access generated was “not for you as the viewer, but for the user that you are looking up” according to Guy Rosen, Facebook’s VP of Product Management.
This digital key keeps you logged into Facebook so that every time one logs in without the need to re-enter the password.
What Should I Do?
The company has clarified that no passwords were taken in this security breach. Some experts believe it wouldn’t hurt to do so. Some have advised signing out of all devices and re-logging in.
