Facebook to be hit by class-action lawsuit after massive security breach
- Author: Darren Santiago, Oct 02, 2018, 2:18
Jake Williams, a security expert at Rendition Infosec, said the stolen access tokens would have likely allowed attackers to view private posts and probably post status updates or shared posts as the compromised user, but wouldn't affect passwords.
"We're also taking the precautionary step of resetting access tokens for another 40 million accounts that have been subject to a 'View As' look-up in the past year," Facebook said.
A Facebook hack which left the accounts of more than 50 million users compromised may have also affected third-party apps such as Tinder, Spotify and Instagram, if people used their Facebook account to register for the services.
Facebook said the attack exploited a "complex interaction of multiple issues in our code" and stemmed from a change made to the video uploading feature in July 2017. The convenience of signing in to other services with Facebook comes at a cost: all of those platforms rely on the same access credentials. An access token is a digital key that keeps you logged into your Facebook account so you do not have to enter your password the next time you open the app on your phone.
The attackers exploited this vulnerability to obtain users' access tokens. So I guess there is no need to freak out; Facebook has got everything under its control now.
The company has also turned off the "View As" feature while it conducts a security review, but admitted it has yet to determine whether accounts were misused or any information accessed.
Under Europe's recently introduced General Data Protection Regulation (GDPR) law, companies that fail to do enough to protect their customers' data face a maximum fine of $23 million, or 4 percent of their global revenue for the prior year, which is where the $1.63 billion figure comes from.
Logging out and logging back in generates a new access token, just as it does with a service like Gmail. Your account's security settings list the devices that are logged in along with their current location; if you see an unknown device or location, click the remove button to end that session.
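To make concrete what "resetting access tokens" and "removing a device" mean on the server side, here is an added example (not Facebook's code, and not from the article) of a token store that binds each token to a per-user generation counter, so a reset invalidates every outstanding token for an account in one step while a normal logout removes a single session. The user ids, devices and locations are constructed sample values.

```python
import base64
import hashlib
import hmac
import secrets

# Constructed for this example: a real service loads the key from a secrets manager.
SERVER_KEY = secrets.token_bytes(32)


class TokenStore:
    """Access tokens bound to a per-user generation counter.

    Logging out removes one session; reset_all bumps the user's generation, so
    every token issued before the reset fails validation (a mass token reset).
    """

    def __init__(self):
        self.generation = {}  # user_id -> current generation number
        self.sessions = {}    # token_id -> (user_id, generation, device, location)

    def _sign(self, payload):
        mac = hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).digest()
        return base64.urlsafe_b64encode(mac).decode()

    def issue(self, user_id, device, location):
        # user_id is assumed to contain no "." since it is a token field separator.
        gen = self.generation.setdefault(user_id, 0)
        token_id = secrets.token_urlsafe(16)
        payload = f"{user_id}.{gen}.{token_id}"
        self.sessions[token_id] = (user_id, gen, device, location)
        return payload + "." + self._sign(payload)

    def validate(self, token):
        """Return the user_id for a live, untampered token, otherwise None."""
        parts = token.split(".")
        if len(parts) != 4 or not parts[1].isdigit():
            return None
        user_id, gen, token_id, sig = parts
        if not hmac.compare_digest(self._sign(f"{user_id}.{gen}.{token_id}"), sig):
            return None                          # forged or tampered token
        if int(gen) != self.generation.get(user_id, -1):
            return None                          # issued before a reset
        if token_id not in self.sessions:
            return None                          # removed or logged out
        return user_id

    def list_sessions(self, user_id):
        """What a 'where you're logged in' page would show for one account."""
        return [(t, d, loc) for t, (u, _, d, loc) in self.sessions.items() if u == user_id]

    def remove_session(self, token_id):
        self.sessions.pop(token_id, None)        # the "remove" button for one device

    def reset_all(self, user_ids):
        """Invalidate every outstanding token for the given accounts."""
        affected = set(user_ids)
        for uid in affected:
            self.generation[uid] = self.generation.get(uid, 0) + 1
        self.sessions = {t: s for t, s in self.sessions.items() if s[0] not in affected}
```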
The hack allowed attackers to convince these websites that they were already logged in - sneaking onto your account under the radar.
It remains to be seen whether the fine will be levied on Facebook or not.
"The access token enables someone to use the account as if they were the account holder themselves".
It also said it doesn't know what - if any - personal information was accessed.
If your account was affected by the hack, you will have been logged out and received a notification.