Did you get an unexpected prompt to log back in to your Facebook account on Friday the 28th of September 2018?
We did. If you also got this Facebook re-login prompt, chances are you are one of the 50 million Facebook subscribers whose account was compromised in a recent attack.
Facebook has acknowledged that some attackers were able to hack into 50 million accounts by exploiting a vulnerability in its “View As” feature early in the week. The “View As” function is a privacy feature that allows users to see what their own profile looks like when viewed by other users.
Facebook vice-president of product management, Guy Rosen, was quoted saying attackers found multiple weaknesses in the “View As” feature which “allowed them to steal Facebook access tokens. They could then use these tokens to take over people’s accounts.”
Rosen added that “Access tokens are the equivalent of digital keys that keep people logged into Facebook so they don’t need to re-enter their password every time they use the app”.
The attack means that the attackers could also log into other accounts that use Facebook’s system, such as Airbnb and Tinder.
Users who had potentially been affected were prompted to log in again on Friday.
Rosen said the flaw has been fixed. He added that “Since we’ve only just started our investigation, we have yet to determine whether these accounts were misused or any information accessed. We also don’t know who’s behind these attacks or where they’re based.”