Facebook’s woes appears to be ever increasing and endless. The social media giant, which is still wallowing in various condemnation attracted due to the Cambridge Analytica scandal and fake news propagation, it has again disclose today that a security loophole may have made the data of around 50 million users available to hackers or malicious elements.
The Security Issue
In an official blog post, Facebook says that it has discovered a potentially serious security flaw in the implementation of the user-facing ‘View As’ feature that lets you to see your profile as it may appear to others or the general public.
Our investigation is still in its early stages. But it’s clear that attackers exploited a vulnerability in Facebook’s code that impacted “View As” a feature that lets people see what their own profile looks like to someone else.
You may have escape from the security flaw right now, but Facebook looks quite scared. It has found that the loophole may have been introduced back in July 2017 via the addition of a new video player and hackers may have been able to get their hands on the ‘access tokens’ (digital login information) of up to 50 million profiles.
A new version of our video uploader (the interface that would be presented as a result of the first bug), introduced in July 2017, incorrectly generated an access token that had the permissions of the Facebook mobile app.
Facebook went further to say that the issue is not as a result of an engineering error and that an exploit has been found and used by some third-party hacker or malicious element. The social networking giant got aware of the hack on September 25, over 2 years post the vulnerability may have been introduced on the social media platform.
Facebook Sway Into Action!
Facebook, in its blog post, stated that it has patched up the security issue and informed the necessary law enforcement agency of the same. It has also taken action to ensure the safety of its humongous user base and is forcing them to re-login into their accounts.
Facebook reset the ‘access tokens’ of those affected, as well as some additional users.
Facebook is making up to affected 50 million users log back into their account to ensure their safety. So, if you’ve been asked to log back in then your data might be among the ones whose data could’ve been compromised. The social media giant is also asking 40 million more users to re-login as they have used the ‘View As’ feature over the past couple of years.
Also, the social media giant has “temporarily disabled” this feature that allows you to preview profiles on the platform to prevent any further damage, it seems. There’s currently no mention of whether any accounts have been compromised or not.
As if the company admitting that its ‘View As’ feature had a security flaw and it could’ve been exploited to access up to 50 million user accounts wasn’t enough, Facebook is now also faced with a string of class-action complaints.
The lawsuit has been filed by Carla Echavarria and Derick Walker respectively in the U.S District Court for the Northern District of California. They’ve both alleged that Facebook’s lack of security has exposed their personal info, increasing the chance of identity theft. It has further been stated that the social networking giant is involved in “unlawful business practices, deceit by concealment, negligence, and is in violation of California’s Customer Records Act.”
Both of the plaintiffs are looking for punitive damages and reward penalties, along with attorney fees or expenses, for themselves and other class members. Well, it seems like Facebook was already having a bad year and this security update made it worse. So, are you likely to stop using Facebook after this or not? Let us know in the comments below.