"On the afternoon of Tuesday, September 25, our engineering team discovered a security issue affecting nearly 50 million accounts".
"The attackers not only needed to find this vulnerability and use it to get an access token, they then had to pivot from that account to others to steal more tokens", Facebook wrote.
The issue was discovered on 25 September, and the social media giant said it had since taken steps to mitigate the breach and had alerted law enforcement.
That means if any of the 50 million hacked accounts also use Facebook as a connected account to their profiles on Tinder, Spotify, Instagram, or AirBnB, then those accounts may have also been hacked in the process.
The flaw that attackers exploited stemmed from a video-uploading feature change Facebook made in July 2017, but the company did not elaborate.
Facebook noted that users do not need to change their passwords. The company has clarified that it does not yet know who was behind this attack and is conducting its own investigation into the matter.
Facebook is also taking the precautionary step of resetting access tokens for another 40 million accounts that have been subject to a "View As" lookup in the past year. Whether 50 million, 100 million or 1 billion Facebook users were compromised is immaterial, as the real issue with any compromise is that this is another blow to our collective privacy.
Facebook's Head of Security Guy Rosen released a statement following the discovery of the incident.
The company notes that it will disable access tokens for any more potentially impacted accounts it discovers.
The access tokens for the 50 million accounts the company knows were affected have been reset. "We did see this attack being used at a fairly large scale". Given how Facebook spreads itself out over third-party applications, such as its log-on feature, this number is expected to reach much higher; however, this remains speculation for the time being. Since the investigation is at the earliest stages, Facebook has no idea whether any of the accounts affected were actually misused by hackers, and does not know if any personal information has been stolen.