2024 Author: Malcolm Clapton | [email protected]. Last modified: 2023-12-17 03:44
Back on September 25, the developers of the social network learned about the hacking, but measures against the leakage of accounts were taken only 3 days later.
On September 25, Facebook developers reported a serious security vulnerability in their social network. A huge security hole allows you to log into user accounts by intercepting a session token. To prevent account hijacking, representatives of the world's largest social network broke all sessions of user accounts on September 28, that is, they made a forced logout on the site and in all applications.
The problem reportedly affected about 50 million accounts, but 90 million accounts were logged out. At the same time, passwords and other important information were not leaked - only user sessions were compromised. The developers assured people that the vulnerability was fixed, and also contacted the police, since the existing threat was not a foreseen backdoor. Facebook representatives are confident that the exploit was discovered and used by third parties for their own ends. However, there is still no exact data on the hacked accounts and the people behind the attack.
The vulnerability itself is associated with the "View As" function, which allows you to see your profile from other users of the social network. Just when this function was called, it was possible to intercept the user profile session, which is used on mobile devices, so as not to enter a password every time you log into Facebook. At the moment, the "View as" function is disabled pending the completion of a detailed analysis of its security.
It is noteworthy that on September 28, hacker Chang Chi-yuan from Taiwan threatened to conduct a live broadcast in which he would use a bug to delete Mark Zuckerberg's official Facebook page. But shortly before the start of the stream, Chang announced that he would not do this, and information about the vulnerability was transferred to the developers of the social network for a reward. Facebook representatives have already clarified that the Taiwanese hacker has nothing to do with hijacking sessions.
Recommended:
How to set up two-factor authentication for all your accounts
Two-factor authentication is one of the easiest ways to protect your data from hackers. We will tell you how to enable it in popular services
6 objective reasons to delete your social accounts
There are quite objective reasons why it would be wise to delete your social profiles right now, and not involve your children in this evil. Social networks have become part of our life and require more and more serious treatment. Someone gets fired from their job for posting on Facebook, and another was not hired for a promising position because of a cheeky tweet.
7 types of accounts to unsubscribe from on social media
Understanding what is wrong with perfect photos and posts about "motherfuckers" and why you'd better unsubscribe from newsgroups
Your smartphone can be hacked via Bluetooth. Here's how to avoid it
Yesterday, specialists from computer firm Armis discovered a dangerous vulnerability in the Bluetooth protocol called BlueBorne
11 signs your computer or smartphone has been hacked
Hacking your computer or phone can go unnoticed. We will show you how to recognize something wrong, and most importantly, how to prevent it