Windows 10 News and info | Forum
May 24, 2019, Loading... *
Welcome, Guest. Please login or register.

Login with username, password and session length
News: This is a clean Ad-free Forum and protected by StopForumSpam, Project Honeypot, Botscout and AbuseIPDB | This forum does not use audio ads, popups, or other annoyances. New member registration currently disabled.
  Website   Home   Windows 8 Website GDPR Help Login Register  
By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy.
Pages: [1]
Share this topic on Del.icio.usShare this topic on DiggShare this topic on FacebookShare this topic on GoogleShare this topic on MySpaceShare this topic on RedditShare this topic on StumbleUponShare this topic on TechnoratiShare this topic on TwitterShare this topic on YahooShare this topic on Google buzz
Author Topic: Facebook States 30 Million People Affected by Last Month's "View As" Bug  (Read 73 times)
Hero Member
Offline Offline

Gender: Male
United States United States

Posts: 30037

I Do Windows

WWW Email
« on: October 13, 2018, 01:33:29 AM »

Remember that bug Facebook revealed two weeks ago that may have affected 50 million users if not more? Well, Facebook has stated that 30 million of those users had their access tokens stolen by attackers according to a new updated posted by Facebook today.

This bug was part of Facebook’s “View As” tool, which allows you to view your profile as it would appear to someone else on Facebook. Attackers chained 3 vulnerabilities together to exploit a bug in this feature and steal a user's, and their friends, access tokens. These access tokens could then be used to login to the associated account and provide full access to everything on it.

In a blog post today, Facebook has decided to downplay the attack to make it appear as less serious than it actually is. 

"We now know that fewer people were impacted than we originally thought," stated the Facebook's update. "Of the 50 million people whose access tokens we believed were affected, about 30 million actually had their tokens stolen. Here’s how it happened:"

Isn't that great? Only 30 million.

According to the update, using accounts they already controlled, the attackers exploited the bug to steal tokens from approximately 400,000 users. The attackers then used some of those 400,000 accounts to steal the access tokens from a total of 30 million users.

"The attackers used a portion of these 400,000 people’s lists of friends to steal access tokens for about 30 million people," stated Facebook's blog post. "For 15 million people, attackers accessed two sets of information – name and contact details (phone number, email, or both, depending on what people had on their profiles). For 14 million people, the attackers accessed the same two sets of information, as well as other details people had on their profiles. This included username, gender, locale/language, relationship status, religion, hometown, self-reported current city, birthdate, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or Pages they follow, and the 15 most recent searches. For 1 million people, the attackers did not access any information."

Facebook also stated that the attackers did not have access to information related to other Facebook services such as Messenger, Messenger Kids, Instagram, WhatsApp, Oculus, Workplace, Pages, payments, third-party apps, or advertising or developer accounts.


Pages: [1]
Jump to:  

Powered by SMF 1.1.21 | SMF © 2017, Simple Machines

Google visited last this page January 29, 2019, 03:10:22 AM