In a blog post published a couple of days ago, Facebook disclosed that its security team discovered the attack that happened on 25 September, and that it is still investigating the incident.
The vulnerability, whose details have not yet been disclosed and which Facebook has now fixed, resided in the “View As” feature. The feature lets users see what other Facebook users would see when they visit their profile.
According to the social media giant, the vulnerability enabled hackers to steal access tokens that could be used to directly access users’ private data without requiring their account password or a two-factor authentication code.
Secret access tokens “are the equivalent of digital keys that keep people logged in to Facebook, so they don’t need to re-enter their password every time they use the app.”
To prevent its users’ accounts from being compromised, Facebook has already reset access tokens for almost 50 million affected accounts and an additional 40 million accounts.
“We’re taking this incredibly seriously and wanted to let everyone know what’s happened and the immediate action we’ve taken to protect people’s security,” the social media giant concluded.
“As a result, around 90 million people will now have to log back in to Facebook, or any of their apps that use Facebook Login. After they have logged back in, people will get a notification at the top of their News Feed explaining what happened.”
Facebook has already been under serious pressure since the revelation that consultancy firm Cambridge Analytica had misused the data of 87 million Facebook users to affect presidential elections in 2016.
The Cambridge Analytica scandal made Facebook accountable for its data-management practices, raising concerns about whether Facebook can be trusted while it holds the data of its 2 billion users. And now, the social media giant has failed to protect its users while generating billions of dollars from the same data it failed to protect.