“View As” Facebook Security Breach

by Natsuya Uesugi

Facebook recently was faced with a breach of 50 million users left exposed by a security flaw in the “View As” feature. Attackers exploited the vulnerability in the “View As” feature and were able to gain control of people’s accounts. The breach was discovered and police informed.

Facebook fixed the flaw, stated Guy Rosen, the Vice President of product management, and added accounts were reset including those not affected but were noted as at risk.

The breach allowed hackers to log into other accounts that use the Facebook system as method for access. Other major sites may have also been affected such as AirBnB.

50 million users and an investigation started to determine whether the accounts were misused and data accessed. As of this time Facebook is unsure of who is behind the attacks or from where they were based.

The Facebook “View As” function is a feature in its set of privacy functions that allows people to see what their own profile looks like to other users, including what information is viewable to friends, the public and friends or friends.

The bugs in the feature allowed hackers to steal Facebook access tokens which could be used to take over people’s accounts. Access tokens are digital keys that keep people logged into Facebook so they do no need to use their password each time they use the application.

Facebook has since fixed the bug and reset the accounts of the aforementioned users but such a large company needs to look closely at itself and its reputation on social media, its size and breadth of users – Facebook is a target no matter how you look at it.