{"id":51298,"date":"2018-09-28T18:33:00","date_gmt":"2018-09-28T18:33:00","guid":{"rendered":"http:\/\/www.gamasutra.com\/view\/news\/327596"},"modified":"2018-09-28T18:33:00","modified_gmt":"2018-09-28T18:33:00","slug":"50-million-facebook-accounts-hit-by-account-hijacking-security-exploit","status":"publish","type":"post","link":"https:\/\/sickgaming.net\/blog\/2018\/09\/28\/50-million-facebook-accounts-hit-by-account-hijacking-security-exploit\/","title":{"rendered":"50 million Facebook accounts hit by account hijacking security exploit"},"content":{"rendered":"<p>Facebook has learned of a security vulnerability that has opened up millions of its users to account theft over the past year, though the company notes it is still investigating any impact the exploit has had to date.<\/p>\n<p>While the exploit wasn\u2019t related to Facebook\u2019s game platform itself, the issue potentially affects 50 million Facebook accounts, making it an issue developers using the platform should be well aware of.<\/p>\n<p>The issue itself is detailed in a <a href=\"https:\/\/newsroom.fb.com\/news\/2018\/09\/security-update\/\">blog post shared by Facebook<\/a> and has since been fixed and reported to law enforcement. 
While the vulnerability seems, by Facebook\u2019s reports, to be the result of several different small issues in the platform\u2019s code, the core issue involved the \u201cView As\u201d feature, which is intended to let a user see what information they\u2019re showing other Facebook users.<\/p>\n<p>However, an issue with \u201cView As\u201d instead let attackers take access tokens from Facebook accounts and hijack those accounts by using the tokens to log in as an exploited user.<\/p>\n<p>Facebook says that it has now reset the access tokens of the nearly 50 million accounts it knows to be affected, and has reset the access tokens for an additional 40 million accounts that aren\u2019t known victims but had \u201cView As\u201d activity in the past year. Any affected users will have to log back into Facebook, both on the site and any third-party apps or locations using Facebook login, and have been sent a notice about the issue.<\/p>\n<p>\u201cSince we\u2019ve only just started our investigation, we have yet to determine whether these accounts were misused or any information accessed,\u201d reports Facebook. \u201cWe also don\u2019t know who\u2019s behind these attacks or where they\u2019re based. We\u2019re working hard to better understand these details \u2014 and we <a href=\"https:\/\/newsroom.fb.com\/news\/2018\/09\/security-update\/\">will update this post<\/a> when we have more information, or if the facts change. In addition, if we find more affected accounts, we will immediately reset their access tokens.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Facebook has learned of a security vulnerability that has opened up millions of its users to account theft over the past year, though the company notes it is still investigating any impact the exploit has had to date. 
While the exploit wasn\u2019t related to Facebook\u2019s game platform itself, the issue potentially affects 50 million Facebook [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":51299,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[20],"tags":[],"class_list":["post-51298","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/posts\/51298","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/comments?post=51298"}],"version-history":[{"count":0,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/posts\/51298\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/media\/51299"}],"wp:attachment":[{"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/media?parent=51298"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/categories?post=51298"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/tags?post=51298"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}