ZEE Business
Facebook data breach: 50 million users affected; check full statement from the social media giant

On the afternoon of Tuesday, September 25, our engineering team discovered a security issue affecting almost 50 million accounts, Facebook said. Reuters
Written By: ZeeBiz WebTeam
Updated: Sat, Sep 29, 2018
11:10 am
ZeeBiz WebDesk

As many as 50 million Facebook users have been affected by the latest security breach, the social networking company said. Facebook, which has more than 2 billion monthly active users, has since fixed the vulnerability and informed law enforcement, it said. Read the full statement from Facebook:

 

Security Update
By Guy Rosen, VP of Product Management

On the afternoon of Tuesday, September 25, our engineering team discovered a security issue affecting almost 50 million accounts. We’re taking this incredibly seriously and wanted to let everyone know what’s happened and the immediate action we’ve taken to protect people’s security.

Our investigation is still in its early stages. But it’s clear that attackers exploited a vulnerability in Facebook’s code that impacted “View As”, a feature that lets people see what their own profile looks like to someone else. This allowed them to steal Facebook access tokens which they could then use to take over people’s accounts. Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app.

Here is the action we have already taken. First, we’ve fixed the vulnerability and informed law enforcement.

Second, we have reset the access tokens of the almost 50 million accounts we know were affected to protect their security. We’re also taking the precautionary step of resetting access tokens for another 40 million accounts that have been subject to a “View As” look-up in the last year. As a result, around 90 million people will now have to log back in to Facebook, or any of their apps that use Facebook Login. After they have logged back in, people will get a notification at the top of their News Feed explaining what happened.

Third, we’re temporarily turning off the “View As” feature while we conduct a thorough security review.

This attack exploited the complex interaction of multiple issues in our code. It stemmed from a change we made to our video uploading feature in July 2017, which impacted “View As.” The attackers not only needed to find this vulnerability and use it to get an access token, they then had to pivot from that account to others to steal more tokens.

Since we’ve only just started our investigation, we have yet to determine whether these accounts were misused or any information accessed. We also don’t know who’s behind these attacks or where they’re based. We’re working hard to better understand these details — and we will update this post when we have more information, or if the facts change. In addition, if we find more affected accounts, we will immediately reset their access tokens.

People’s privacy and security is incredibly important, and we’re sorry this happened. It’s why we’ve taken immediate action to secure these accounts and let users know what happened. There’s no need for anyone to change their passwords. But people who are having trouble logging back into Facebook — for example because they’ve forgotten their password — should visit our Help Center. And if anyone wants to take the precautionary action of logging out of Facebook, they should visit the “Security and Login” section in settings. It lists the places people are logged into Facebook with a one-click option to log out of them all.

Update on September 28, 2018 at 4:45PM PT 

Additional Technical Details
By Pedro Canahuati, VP Engineering, Security and Privacy

Here are some additional technical details about the security issue described above.

Earlier this week, we discovered that an external actor attacked our systems and exploited a vulnerability that exposed Facebook access tokens for people’s accounts in HTML when we rendered a particular component of the “View As” feature. The vulnerability was the result of the interaction of three distinct bugs:

First: View As is a privacy feature that lets people see what their own profile looks like to someone else. View As should be a view-only interface. However, for one type of composer (the box that lets you post content to Facebook) — specifically the version that enables people to wish their friends happy birthday — View As incorrectly provided the opportunity to post a video.

Second: A new version of our video uploader (the interface that would be presented as a result of the first bug), introduced in July 2017, incorrectly generated an access token that had the permissions of the Facebook mobile app.

Third: When the video uploader appeared as part of View As, it generated the access token not for you as the viewer, but for the user that you were looking up.

It was the combination of these three bugs that became a vulnerability: when using the View As feature to view your profile as a friend, the code did not remove the composer that lets people wish you happy birthday; the video uploader would generate an access token when it shouldn’t have; and when the access token was generated, it was not for you but the person being looked up. That access token was then available in the HTML of the page, which the attackers were able to extract and exploit to log in as another user.

The attackers were then able to pivot from that access token to other accounts, performing the same actions and obtaining further access tokens.

To protect people’s accounts, we’ve fixed the vulnerability. We have also reset the access tokens of the almost 50 million accounts we know were affected and we’ve also taken the precautionary step of resetting access tokens for another 40 million accounts that have been subject to a View As look-up in the last year. Finally, we’ve temporarily turned off the View As feature while we conduct a thorough security review.
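
The three-bug interaction described in the technical details above, modelled as an added illustration (this is not Facebook's code and not part of the statement). The `Ctx` type, the `tok.<user>.<scope>` token format, the scope names and every function name are hypothetical; the hardened path applies one independent check per bug, and `foreign_tokens` is an output-side invariant a test suite could run over rendered pages.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Ctx:
    session_user: str  # the authenticated person making the request
    subject_user: str  # the person whose viewpoint the preview simulates
    view_as: bool      # True while rendering the read-only preview

def mint_token(user: str, scope: str) -> str:
    """Constructed stand-in for a token service (hypothetical format)."""
    return f"tok.{user}.{scope}"

def uploader_vulnerable(ctx: Ctx) -> str:
    # Bugs 2 and 3: a broad-scope token is minted, and for the simulated subject.
    tok = mint_token(ctx.subject_user, "mobile_app")
    return f'<div class="uploader" data-token="{tok}"></div>'

def uploader_hardened(ctx: Ctx) -> str:
    if ctx.view_as:  # a preview never receives credentials
        raise PermissionError("no token minting in a read-only preview")
    tok = mint_token(ctx.session_user, "video_upload")  # session identity, narrow scope
    return f'<div class="uploader" data-token="{tok}"></div>'

def render_vulnerable(ctx: Ctx) -> str:
    # Bug 1: the birthday composer (and its uploader) survives in the preview.
    return '<h1>Profile</h1><div class="composer">' + uploader_vulnerable(ctx) + "</div>"

def render_hardened(ctx: Ctx) -> str:
    html = "<h1>Profile</h1>"
    if not ctx.view_as:  # composers are rendered only outside the preview
        html += '<div class="composer">' + uploader_hardened(ctx) + "</div>"
    return html

TOKEN_RE = re.compile(r"tok\.([a-z]+)\.([a-z_]+)")

def foreign_tokens(html: str, ctx: Ctx) -> list:
    """Tokens that must not be in this page: any token in a preview,
    or a token owned by someone other than the session user."""
    return [m.group(0) for m in TOKEN_RE.finditer(html)
            if ctx.view_as or m.group(1) != ctx.session_user]

if __name__ == "__main__":
    preview = Ctx(session_user="alice", subject_user="bob", view_as=True)
    print(foreign_tokens(render_vulnerable(preview), preview))
    print(foreign_tokens(render_hardened(preview), preview))
```
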
