
Facebook hacked: up to 90 million user accounts were attacked due to an error in the code, the company apologizes

If you were logged out of Facebook on Friday morning, you are not alone.

Facebook suffered an attack that affected up to 90 million personal user accounts, the company said.


A vulnerability in the social network's code allowed hackers to access the personal information of at least 50 million, and perhaps as many as 90 million, users through a flaw in the “View as” feature, which lets you view your own account as if you were someone else. Taking advantage of this vulnerability, the hackers managed to obtain the access tokens that protect user accounts and then get into those accounts.

The company found out about the problem on Tuesday, and it took several days to fix the vulnerability. As a result, the tokens were reset, and anyone who now tries to connect with them will not be able to. All users who had used the “View as” function over the past year were logged out this morning (Friday, EST), after the bugfix was released, and had to log in again.

“The privacy and safety of people is incredibly important, and we regret that this happened.” Comments like this can be seen today in the news media, which have begun to spread the story at an incredible pace, casting a shadow on the company's reputation.

But why make this information public?

The reason is the new European GDPR: it obliges companies to report a hack publicly and immediately if one has occurred, and otherwise threatens them with very large fines.

This is not the first hack of Facebook and will not be the last; many users have started to think seriously about whom they trust with their data, and how. After all, Facebook stores everything, right down to your geolocation.

Recently, as the law requires, it asked everyone to confirm their consent to the collection of geodata.

The security issue is more relevant than ever. So it is probably not in vain that we are publishing a translation of the MIT “Computer System Security” course, even though it dates from 2014, along with other security-related materials: the fundamentals never lose their relevance, and mistakes are often repeated, including by companies as large as Facebook, which rolled out the update containing the vulnerability, along with the changes it made to the video downloader, back in July 2017. And who knows how complex the vulnerability was, given that independent pentesters had not discovered it until now.


Source: https://habr.com/ru/post/424815/

