Up to 50m Facebook accounts compromised by ‘View As’ flaw

Around 90 million Facebook users were asked to re-enter their log-in details after it emerged that a widespread security flaw may have been exploited by hackers to access a user’s account.

The weakness meant attackers were able to gain control of people's accounts, exploiting a vulnerability in the ‘View As’ feature, which allows people to see what their own profile looks to other users.

Attackers managed to uncover multiple bugs in this feature that enabled them to steal Facebook access tokens, which could then be used to take over people's accounts.

“Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don't need to re-enter their password every time they use the app,” explained Guy Rosen, the firm’s vice-president of product management.

It is believed that up to 50 million users were affected by the flaw, but the social media platform prompted almost twice as many users to log in again as a precaution.

Hackers may have been able to log in to other accounts that use Facebook's system, such as AirBnB, Tinder, Strava, Spotify and many others.

Facebook has more than two billion active monthly users worldwide, but refused to reveal where in the world the 50 million affected users were based.

However, it did confirm that founder Mark Zuckerberg and its chief operating officer Sheryl Sandberg had been affected.

Mr Rosen went on to say: “Since we’ve only just started our investigation, we have yet to determine whether these accounts were misused or any information accessed. We also don’t know who’s behind these attacks or where they’re based.

“People’s privacy and security is incredibly important, and we’re sorry this happened."

Image: coffeekai/iStock

Back to listing