On the afternoon of Tuesday, September 25, an engineering team at Facebook discovered a security flaw affecting almost 50 million user accounts. The vulnerability was contained within a feature allowing people to see what their profile looks like to other users.
Under the “View As” feature, attackers could steal a user’s access token and take over the account. Access tokens are the equivalent of a digital key that keeps people logged in to Facebook, so they don’t need to re-enter their password every time. In response, Facebook have fixed the vulnerability, informed law enforcement, and logged approximately 90 million people out of their accounts as a precautionary measure.
Facebook have complied with the EU General Data Protection Regulation (GDPR), reporting the breach within 72 hours and taking immediate action to resolve the security issue. However, this breach will not pass without consequence. Facebook could be facing a fine of up to $1.63 billion in the European Union alone.
Read more at CNet: https://www.cnet.com/news/facebook-breach-affected-50-million-people/
Read more at Facebook Newsroom: https://newsroom.fb.com/news/2018/09/security-update/
Banner image credit: https://www.flickr.com/photos/quintanomedia/41793468182