Facebook sued hours after announcing security breach
- Author: Eleanor Harrison, Oct 02, 2018, 2:16
In a blog post, Facebook stated that a vulnerability in the site's "View As" feature, which lets users see what their profile looks like from someone else's view, allowed an attacker to steal access tokens, a kind of security key that allows users to stay logged into Facebook over multiple browsing sessions without entering their password every time.
In the biggest-ever security breach after the Cambridge Analytica scandal, Facebook on Friday admitted that hackers broke into almost 50 million users' accounts by stealing their "access tokens", or digital keys.
Ireland's Data Protection Commission, which is Facebook's lead privacy regulator in Europe, said Saturday that it has demanded more information from the company about the nature and scale of the breach, including which European Union residents might be affected.
"The importance here is that since Facebook has become the most popular identity provider out there it's not easy to evaluate how many accounts of yours hackers might have accessed", said Polakis, who has studied the feature extensively. Julian Knight, a committee member, said: "It would be helpful to hear from Mr Zuckerberg, but I won't be holding my breath". The Senate also questioned the CEO about the Cambridge Analytica data-mining scandal, which involved the data of 87 million users' credentials being compromised. Those who want to log out can visit the "Security and Login" section of their settings, which lists the places where people are logged into Facebook.
In a statement this evening, the Commission said that Facebook has assured it that the company will be in a position to provide a more detailed breakdown of affected accounts soon. The View As feature will let you preview that post as if you were that colleague and then as if you were any of your other Facebook friends so that you can be assured of the privacy changes that you've made to that post.
A spokesperson for Ancestry told CNN, "While Ancestry does support Facebook login for some functions, we always require an additional Ancestry username and password to access sensitive account functions such as downloading your DNA data, changing your password, changing your email address or accessing payment information". Surprisingly, Mark Zuckerberg and Sheryl Sandberg, Facebook's COO, were also affected by the attack.
Access tokens are digital keys that keep you signed in once you have logged into your Facebook account.
Unsurprisingly, hackers used this bug to create access tokens for 50 million users across the site.
"Today, consumers should be working under the assumption that their private information has been stolen by hackers 10 times over", said Sam Curry, chief security officer at Cybereason.
What is the new Facebook breach?
Noted Taiwanese hacker Chang Chi-yuan promised to delete Zuckerberg's account, telling his 26,000 followers that the event would be livestreamed on Facebook Live, according to The Verge. Still, this is among the more serious breaches Facebook has ever suffered. Unidentified hackers manipulated the code of the social network and logged into several users' accounts. Facebook is temporarily turning off the "View As" feature "while we conduct a thorough security review".