Facebook has disclosed a flaw on its site that attackers used to gain access to the accounts of about 50 million users of the social network. According to Guy Rosen, the company's vice president, the investigation is still at an early stage, but it is already known that the attackers exploited a vulnerability in Facebook's code affecting the "View As" feature, which lets users see what their own profile looks like to another person.
In this way the attackers were able to steal access tokens (the digital equivalent of keys that keep a user logged in to Facebook on a device, so that credentials do not have to be re-entered each time the site or app is opened), and with those tokens they could take over the affected accounts.
To protect users, the company has reset the access tokens of the roughly 50 million accounts affected by the vulnerability. In addition, as a precaution, it is resetting the tokens of a further 40 million accounts that used the "View As" feature in the past year. As a result, about 90 million Facebook users will have to log back in to the social network. Note that resetting tokens invalidates any that were stolen, but it does not by itself undo anything the attackers may already have done with them.
Facebook's engineers traced the bug to changes made to the video upload feature in July 2017. The social network's security team noticed something was wrong after an unusual spike in traffic to its servers and, in the course of the investigation, uncovered an attack that had been under way since 16 September 2018.
In total the attackers chained three vulnerabilities. The first was in the video upload feature: the uploader was reachable from the "View As" preview, which is supposed to be read-only. The second was in the uploader itself, which generated an access token carrying the permissions of the Facebook mobile app, something it should not have done at all. The third was that this token was generated not for the person viewing the page but for the person whose profile was being previewed, which let attackers take over the account of the user they were impersonating.
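The three-bug chain above is easiest to see as a confused-principal error: a token was minted in the context of the previewed profile instead of the authenticated session. The following is a simplified model added here to illustrate that pattern; it is not Facebook's code or code from the article, and the token format, the HMAC signing key, the scope names and the function names are all assumptions made for the example. It shows the vulnerable flow (a composer reachable from a read-only preview mints a broad-scope token for the impersonated user) next to a hardened flow (previews never mint tokens, and action tokens are bound to the session user with a narrow scope).

```python
"""Model of a "View As" confused-principal bug (illustrative only, not Facebook's code)."""
import hashlib
import hmac
import json
from dataclasses import dataclass
from typing import FrozenSet, Optional

# Assumption: a server-side HMAC key. Constructed for the demo; never hard-code one in practice.
SECRET = b"constructed-demo-signing-key"

# Assumption: the broad scope a first-party mobile app token carries in this model.
MOBILE_APP_SCOPE: FrozenSet[str] = frozenset({"read_profile", "post", "message", "upload_video"})


@dataclass(frozen=True)
class Session:
    user: str  # the account that actually authenticated to the server


def mint_token(subject: str, scope: FrozenSet[str]) -> str:
    """Sign {sub, scope}. Whoever holds the string can act as `subject` within `scope`."""
    payload = json.dumps({"sub": subject, "scope": sorted(scope)}, sort_keys=True)
    sig = hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{sig}"


def verify_token(token: str) -> Optional[dict]:
    """Return the claims if the signature is valid, else None."""
    payload, _, sig = token.rpartition(".")
    expected = hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        return None
    return json.loads(payload)


def compose_video_vulnerable(session: Session, acting_as: str) -> str:
    """Bug 2 and bug 3 together: the uploader mints a token with the mobile app's
    full scope, and binds it to the profile it is 'acting as' rather than to
    the authenticated session user."""
    return mint_token(subject=acting_as, scope=MOBILE_APP_SCOPE)


def view_as_vulnerable(session: Session, target: str) -> str:
    """Bug 1: the preview, which should be read-only, exposes the video composer
    and runs it in the context of the profile being previewed."""
    return compose_video_vulnerable(session, acting_as=target)


def view_as_hardened(session: Session, target: str) -> None:
    """A read-only preview renders no composer, so there is nothing that could mint a token."""
    return None


def compose_video_hardened(session: Session) -> str:
    """Action tokens are bound to the authenticated user and scoped to the one action needed."""
    return mint_token(subject=session.user, scope=frozenset({"upload_video"}))


def token_allows(token: str, action: str, as_user: str) -> bool:
    """Authorization check a resource server would perform on a presented token."""
    claims = verify_token(token)
    return claims is not None and claims["sub"] == as_user and action in claims["scope"]


if __name__ == "__main__":
    attacker = Session(user="attacker")
    stolen = view_as_vulnerable(attacker, target="victim")
    print("vulnerable preview minted token for:", verify_token(stolen)["sub"])
    print("attacker can message as victim:", token_allows(stolen, "message", as_user="victim"))
    print("hardened preview mints:", view_as_hardened(attacker, target="victim"))
    fixed = compose_video_hardened(attacker)
    print("hardened action token is bound to:", verify_token(fixed)["sub"])
```

The point of the model is the `subject=` argument: in the vulnerable path it comes from a request parameter the viewer controls (the profile being previewed), while in the hardened path it comes only from the authenticated session. The scope reduction is a second, independent line of defence; even a wrongly-bound token would do far less damage if it could only upload a video.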
The company is still investigating whether any data was exfiltrated and whether the compromised accounts were used for malicious purposes. Who is behind the attack is also currently unknown.

Source: securitylab.ru