Facebook has released a statement to reveal what they call a "security issue" affecting almost 50 million of its users. According to the social media platform's VP of Product Management, Guy Rosen, alleged attackers exploited a vulnerability in Facebook’s "View As" code.
The "View As" feature on Facebook allows users to see what their own profile would look like to someone else.
"This allowed them to steal Facebook access tokens which they could then use to take over people’s accounts. Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app,"said Rosen.
Another Facebook issue affecting users
Just earlier in 2018 Facebook was involved in another saga that involved users personal information being harvested and used without their consent. This was thanks to Facebook allowing researchers to harvest user data, but for research purposes. However, one researcher, Aleksander Kogan, managed to develop a Facebook quiz game which not only harvested the data of users who gave consent, but their Facebook friends too. The bigger scandal came when it was revealed that he then sold this data to Cambridge Analytica so they could use it for political advertising micro-targeting.
This time around, it appears that Facebook was not aware of the flaw and security breach as they only discovered it recently. As Rosen explains, Facebook's engineering team only discovered this latest security flaw "on the afternoon of Tuesday, September 25."
Rosen also added that they have fixed the issue, disabled the "View As" feature, and gone ahead and reset the access tokens of the 50 million users affected.
"Since we’ve only just started our investigation, we have yet to determine whether these accounts were misused or any information accessed. We also don’t know who’s behind these attacks or where they’re based. We’re working hard to better understand these details — and we will update this post when we have more information, or if the facts change. In addition, if we find more affected accounts, we will immediately reset their access tokens. People’s privacy and security is incredibly important, and we’re sorry this happened. It’s why we’ve taken immediate action to secure these accounts and let users know what happened. There’s no need for anyone to change their passwords. But people who are having trouble logging back into Facebook — for example because they’ve forgotten their password — should visit our Help Center. And if anyone wants to take the precautionary action of logging out of Facebook, they should visit the “Security and Login” section in settings. It lists the places people are logged into Facebook with a one-click option to log out of them all."
At the time of publishing this article it was not clear if any of the affected users resided anywhere in Afrika. We still await feedback from the Facebook team and will keep this story updated.
- 28 September 2018 - "It's still early days and we're working hard to better understand these details. We don't know the location of all affected people. We also do not know if this was targeted to people from one particular country." said a Facebook spokesperson in response to iAfrikan's questions on whether any of Facebook's Afrikan based users were affected,