Facebook hacked: up to 90 million user accounts attacked due to an error in the code; the company apologizes
If you were logged out of Facebook on Friday morning, you are not alone.
Facebook suffered an attack that affected up to 90 million personal user accounts, the company said.
A vulnerability in the social network's code allowed hackers to access the personal information of at least 50 million, and perhaps as many as 90 million, accounts by abusing the “View As” function, which lets you view your own account as if you were someone else. Taking advantage of this vulnerability, the hackers obtained access tokens, which are meant to keep users secure, and then got into their accounts.
The company found out about the problem on Tuesday, and it took several days to fix the vulnerability. As a result, the tokens were reset, and anyone who now tries to connect with them will not be able to. All users who had used the “View As” function over the past year found this morning (Friday, EST), after the bug fix was released, that they had been logged out and had to log in again.
“The privacy and safety of people is incredibly important, and we regret that this happened.” Comments like this can be seen today across the news media, which picked up the story at an incredible pace, casting a shadow on the company's reputation.
But why make this information public?
The reason is the new European GDPR: it obliges companies to report any hack publicly and immediately, or face very heavy fines.
This is not the first hack of Facebook and will not be the last; many users have started to think seriously about whom they trust with their data, and how. After all, Facebook stores everything, right down to your geolocation.
Recently, as required by law, it asked everyone to confirm their consent to the collection of geodata.
The security issue is more relevant than ever. So it is probably not in vain that we publish online a translation of the MIT course "Computer Security", even though it dates from 2014, as well as other security-related materials: the basics never lose their relevance, and mistakes are often repeated, including at companies as large as Facebook, which rolled out the update containing the vulnerability, along with the changes it made to the video downloader, back in July 2017. And who knows how complex the vulnerability was, if independent pentesters had not discovered it until now.