Facebook founder Mark Zuckerberg just revealed that the social media has been hacked. The hacker stole security tokens of over 50 million users. The company confirmed that the attack was carried out a through a security vulnerability in the “View As” Feature.
Facebook introduced the “View As” feature to help users see how their profile would look like to a particular person or to a random stranger. It appears that the hackers found a vulnerability in the feature and used it to take over 50 million accounts. The company also confirmed that they have removed the “View As” feature until they investigate and fix the issue completely. The company first became aware of a potential attack after it noticed a spike in user activity on September 16. As a precautionary measure, Facebook has reset the security token of the 50 million users and an additional 40 million users who used the “View As” feature. Facebook has patched the vulnerability and has notified law enforcement agencies including FBI and the Irish Data Protection Commission in order to any address General Data Protection Regulation (GDPR) issues.
Facebook is not sure if any information has been misused or shared online but the company continues to investigate. The initial investigation hasn’t revealed any information abuse but Facebook did find that the hackers used the API system, which lets applications communicate with the platform, to get more user information. Facebook noted that there is no need to change account passwords but you should change it as a precautionary measure. The company also said they’re resetting security tokens of the accounts affected to prevent information misuse. I think the Mozilla Monitor would be very useful right about now.