Facebook stock was trading down three per cent Friday morning after the social network revealed a security issue affecting almost 50 million accounts.
Guy Rosen, the social network’s VP of Product Management, revealed the news in a blog post indicating that a breach was discovered by the company’s engineering team on Sept. 25.
“Our investigation is still in its early stages. But it’s clear that attackers exploited a vulnerability in Facebook’s code that impacted “View As”, a feature that lets people see what their own profile looks like to someone else. This allowed them to steal Facebook access tokens which they could then use to take over people’s accounts,” said Rosen.
Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app.
Rosen said Facebook has fixed the vulnerability and informed law enforcement, in addition to resetting the access tokens of the affected accounts to protect their security. Facebook is also taking the precautionary step of resetting access tokens for another 40 million accounts that have been subject to a “View As” look-up in the last year.
As a result, about 90 million users will now have to log back in to Facebook, or any of the apps that use Facebook Login. Following that login, a notification will appear at the top of their News Feed explaining what happened.
In the interim, Facebook will be temporarily turning off the “View As” feature while it conducts a security review.
Rosen says the attack stemmed from a change made to the network’s video uploading feature in July 2017, which impacted “View As.”
Those wanting to take the precautionary action of logging out of Facebook, are urged to visit the “Security and Login” section in settings. It lists the places users are logged into Facebook with a one-click option to log out of all of them.
Subscribe Now – Free!
Broadcast Dialogue has been required reading in the Canadian broadcast media for 25 years. When you subscribe, you join a community of connected professionals from media and broadcast related sectors from across the country.
The Weekly Briefing from Broadcast Dialogue is delivered exclusively to subscribers by email every Thursday. It’s your link to critical industry news, timely people moves, and excellent career advancement opportunities.
Let’s get started right now.