Bangalore: Facebook, the largest social networking site, has suffered a major security breach, according to media reports. The breach has affected nearly 50 million users, including Facebook CEO Mark Zuckerberg.
The San Francisco-based company disclosed the security breach on Friday. Unknown attackers used some bugs to exploit a vulnerability in Facebook’s “View As” feature, which lets users see how their profile looks to other users.
This vulnerability allowed the hackers to steal Facebook access tokens, which are essentially digital keys that keep users logged in to their accounts without having to log in again each time.
Subsequently, Facebook has turned off the “View As” feature until it has completely investigated the vulnerability and the breach.
Guy Rosen, Facebook’s Vice President of product management, said that one of the bugs was more than a year old and affected how the “View As” feature interacted with Facebook’s video uploading feature for posting “happy birthday” messages, according to AP.
Following the attack, Facebook has alerted law enforcement and security agencies in the US and Europe, including the FBI.
The company admitted that it had only discovered the breach this week, but the unusual activity linked to the breach had happened around the middle of this month, according to Rosen. As a result of this attack, around 90 million users were forced to log back in to their Facebook accounts on Friday.
According to security experts, this latest breach could also have affected third-party apps that users access with their Facebook account login details. The breach has also affected users of Instagram, which is owned by Facebook.
“First, I think it’s great that Facebook appears to have reacted so quickly, as it’s a sign of the growing maturity around breach response that we’re starting to see as GDPR comes into effect. Understanding if there was a pattern to the impacted accounts versus just random selection is the difference between someone trying to hack the system for fun or a coordinated nation-state attack that compromises specific users to ultimately gain access to sensitive data,” said Richard Ford, Chief Scientist at Forcepoint, a global security company.
“This breach illustrates a fundamental truth of the new digital economy: when I share my personal data with a company I am putting my trust in your ability to protect that data adequately. Users need to continually evaluate the type of data they share and the potential impact a breach of that data could cause, to become an active participant in protecting their own online identities. On the other side, companies need to avail themselves of proactive technologies such as behavioral analysis to hold up their end of the bargain,” added Ford.