Facebook data breach: 50 million users affected; check full statement from the social media giant

On the afternoon of Tuesday, September 25, our engineering team discovered a security issue affecting almost 50 million accounts, Facebook said. Reuters
Written By: ZeeBiz WebTeam
Updated: Sat, Sep 29, 2018, 11:10 am
ZeeBiz WebDesk

As many as 50 million Facebook users have been affected by the latest security breach, the social networking company said. Facebook, which has more than 2 billion monthly active users, has since fixed the vulnerability and informed law enforcement, it said. Read the full statement from Facebook:

 

Security Update
By Guy Rosen, VP of Product Management

On the afternoon of Tuesday, September 25, our engineering team discovered a security issue affecting almost 50 million accounts. We’re taking this incredibly seriously and wanted to let everyone know what’s happened and the immediate action we’ve taken to protect people’s security.

Our investigation is still in its early stages. But it’s clear that attackers exploited a vulnerability in Facebook’s code that impacted “View As”, a feature that lets people see what their own profile looks like to someone else. This allowed them to steal Facebook access tokens which they could then use to take over people’s accounts. Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app.

Here is the action we have already taken. First, we’ve fixed the vulnerability and informed law enforcement.

Second, we have reset the access tokens of the almost 50 million accounts we know were affected to protect their security. We’re also taking the precautionary step of resetting access tokens for another 40 million accounts that have been subject to a “View As” look-up in the last year. As a result, around 90 million people will now have to log back in to Facebook, or any of their apps that use Facebook Login. After they have logged back in, people will get a notification at the top of their News Feed explaining what happened.

Third, we’re temporarily turning off the “View As” feature while we conduct a thorough security review.

This attack exploited the complex interaction of multiple issues in our code. It stemmed from a change we made to our video uploading feature in July 2017, which impacted “View As.” The attackers not only needed to find this vulnerability and use it to get an access token, they then had to pivot from that account to others to steal more tokens.

Since we’ve only just started our investigation, we have yet to determine whether these accounts were misused or any information accessed. We also don’t know who’s behind these attacks or where they’re based. We’re working hard to better understand these details — and we will update this post when we have more information, or if the facts change. In addition, if we find more affected accounts, we will immediately reset their access tokens.

People’s privacy and security is incredibly important, and we’re sorry this happened. It’s why we’ve taken immediate action to secure these accounts and let users know what happened. There’s no need for anyone to change their passwords. But people who are having trouble logging back into Facebook — for example because they’ve forgotten their password — should visit our Help Center. And if anyone wants to take the precautionary action of logging out of Facebook, they should visit the “Security and Login” section in settings. It lists the places people are logged into Facebook with a one-click option to log out of them all.

Update on September 28, 2018 at 4:45PM PT 

Additional Technical Details
By Pedro Canahuati, VP Engineering, Security and Privacy

Here are some additional technical details about the security issue described above.

Earlier this week, we discovered that an external actor attacked our systems and exploited a vulnerability that exposed Facebook access tokens for people’s accounts in HTML when we rendered a particular component of the “View As” feature. The vulnerability was the result of the interaction of three distinct bugs:

First: View As is a privacy feature that lets people see what their own profile looks like to someone else. View As should be a view-only interface. However, for one type of composer (the box that lets you post content to Facebook) — specifically the version that enables people to wish their friends happy birthday — View As incorrectly provided the opportunity to post a video.

Second: A new version of our video uploader (the interface that would be presented as a result of the first bug), introduced in July 2017, incorrectly generated an access token that had the permissions of the Facebook mobile app.

Third: When the video uploader appeared as part of View As, it generated the access token not for you as the viewer, but for the user that you were looking up.

It was the combination of these three bugs that became a vulnerability: when using the View As feature to view your profile as a friend, the code did not remove the composer that lets people wish you happy birthday; the video uploader would generate an access token when it shouldn’t have; and when the access token was generated, it was not for you but the person being looked up. That access token was then available in the HTML of the page, which the attackers were able to extract and exploit to log in as another user.

The attackers were then able to pivot from that access token to other accounts, performing the same actions and obtaining further access tokens.

To protect people’s accounts, we’ve fixed the vulnerability. We have also reset the access tokens of the almost 50 million accounts we know were affected and we’ve also taken the precautionary step of resetting access tokens for another 40 million accounts that have been subject to a View As look-up in the last year. Finally, we’ve temporarily turned off the View As feature while we conduct a thorough security review.
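
The three-bug interaction described in the statement above, modelled as an added example (not Facebook's code and not part of the statement); `RenderContext`, `mint_token`, the scope names and the `tok:` token format are hypothetical. The vulnerable renderer sits beside a hardened one, with a regression check that scans rendered HTML for any token whose subject is not the requester.

```python
import re
from dataclasses import dataclass
from typing import Optional

ALLOWED_WIDGET_SCOPES = {"video_upload"}  # assumed narrow scope for an upload widget

@dataclass(frozen=True)
class RenderContext:
    session_user: str               # the authenticated person making the request
    profile_owner: str              # whose profile page is rendered
    view_as: Optional[str] = None   # set only in the view-only "View As" preview

def mint_token(subject: str, scope: str) -> str:
    # Stand-in for a token service; real tokens are opaque, this one is readable.
    return f"tok:{subject}:{scope}"

def render_vulnerable(ctx: RenderContext) -> str:
    viewer = ctx.view_as or ctx.session_user
    html = [f"<div>{ctx.profile_owner}'s profile as seen by {viewer}</div>"]
    # Bug 1: the composer with video upload is not removed in the preview.
    # Bug 2: the uploader mints a broad, app-level token at render time.
    # Bug 3: the token subject is the looked-up user, not the session user.
    html.append(f"<uploader data-token='{mint_token(viewer, 'mobile_app')}'>")
    return "\n".join(html)

def mint_checked(ctx: RenderContext, subject: str, scope: str) -> str:
    if ctx.view_as is not None:
        raise PermissionError("view-only preview must not mint tokens")
    if subject != ctx.session_user:
        raise PermissionError("token subject must be the authenticated user")
    if scope not in ALLOWED_WIDGET_SCOPES:
        raise PermissionError(f"scope {scope!r} not allowed for a widget")
    return mint_token(subject, scope)

def render_hardened(ctx: RenderContext) -> str:
    viewer = ctx.view_as or ctx.session_user
    html = [f"<div>{ctx.profile_owner}'s profile as seen by {viewer}</div>"]
    if ctx.view_as is None:  # the preview renders no composer at all
        token = mint_checked(ctx, ctx.session_user, "video_upload")
        html.append(f"<uploader data-token='{token}'>")
    return "\n".join(html)

def foreign_tokens(html: str, session_user: str) -> list:
    # Regression check: any token in the page whose subject is not the requester.
    found = re.findall(r"tok:([^:']+):([^:']+)", html)
    return [(subj, scope) for subj, scope in found if subj != session_user]
```

Each guard in `mint_checked` breaks the chain on its own, so a regression in one layer (for example, a composer reappearing in the preview) does not by itself expose a token.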
