The discovery of a computer bug in Facebook has allowed hackers to take control of user accounts. facebook team discovered that 50 million websites affected badly. We take this extremely seriously, "the group wrote in a press release, adding" take immediate action ". The pirates have got their hands on a loophole in the code of the American giant. An investigation is still in progress. The company is investigating whether the infiltrated accounts were used for malicious purposes. An interesting attack because it allows overriding double authentication. In summary, you thought you were protected by this double key (your password and the second code) and ... no!
The intruders had access to personal and sensitive data via the tool "profile preview as". An application that allows you to see what you let see to users who are not your friends. AFP says that Facebook lost more than 3% mid-session on Wall Street. The flaw revealed by Facebook was discovered last Tuesday and blocked this Friday.
You also better understand why Facebook has just made an emergency update (this Friday morning) of its smartphone applications, game consoles, ... In France, by the way, the application has rejected all users. Required to provide his password again. An update that requires to switch to an English version of FB. It would have been possible, via this flaw, to connect to third-party sites via Facebook authentication.
Worry at Facebook?
Mark Zuckerberg's page cleared, Sunday? This is what claims Chang Chi-yuan, a surfer, The man, a Taiwanese announces being able to take hold of any Facebook account. Like the Facebook boss. He promised to broadcast the opportunity via a Facebook Live, this Sunday, September 30. A report with the announcement of FB? Impossible to know for the moment.
On Friday, September 28, the man changed his mind by explaining that he preferred to help. "I cancel my live. I reported the bug to Facebook. I will show proof when I receive the premium from Facebook. " Chang Chi-yuan, the hacker, had promised to remove the Facebook founder's account and spread the trick via Facebook Live.
In 2011 already, a pirate had managed to modify the page of Zuckerberg by asking that Facebook is more "social".
Facebook officially communicated on the subject. "For security reasons, we may have recently disconnected you from your Facebook account. On September 25, 2018, we detected an attack on our system during which criminals stole Facebook access tokens. Access tokens are the equivalent of digital keys that these criminals could then use to hack into other people's accounts. By disconnecting users, we prevent criminals from accessing their accounts through these tokens. We do not yet know if they were able to access Facebook user information, but we wanted to inform you of the steps taken to protect your account. We continue our investigation and we contacted the police. If we discover that other people have been affected, we will immediately disconnect them and inform them of the situation. "
If you have been logged out, you will need to sign into your account again to continue using Facebook or other apps you are signed into via your Facebook account. No need to change your passwords, but if you have trouble reconnecting, find out what to do here.
Mark Zuckerberg has communicated! Yes Yes! "I want to inform you of a significant security issue that we have identified. We corrected the problem last night and take precautionary measures for those who may have been affected. We are still investigating. "
- Fixed the security vulnerability to prevent this attacker or another person from stealing additional access tokens. And we invalidated the access tokens for the accounts of the 50 million people affected, which resulted in their disconnection. These people will have to reconnect to access their accounts again. We will also inform these people in a message at the top of their news feed about what happened when they reconnected.
- As a precautionary measure, even though we think we have solved the problem, we are temporarily removing the feature with the security breach until we can review it in detail and make sure there is no problem. other security issues. The feature is called "View As" and it's a privacy tool that lets you see how your own profile might look like other people.
- As an added precaution, we also disconnect anyone who has used the Show As feature since the vulnerability was introduced. This will require 40 million people or more to reconnect to their accounts.