Facebook Vulnerability Affecting 50 Million Users Allowed Account Takeover

[silversurfer]

Today, Facebook disclosed a security vulnerability that affected 50 million people on the social media network and allowed malicious third parties to potentially access the affected users account.

In a blog post, Facebook's Guy Rosen, VP of Product Management explained that the attackers exploited a vulnerability associated with Facebook's "View As" feature that allowed them to steal Facebook access tokens. These tokens could then be used to take over people's accounts.

"Our investigation is still in its early stages," stated Guy Rosen, VP of Product Management, for Facebook. "But it’s clear that attackers exploited a vulnerability in Facebook’s code that impacted “View As”, a feature that lets people see what their own profile looks like to someone else. This allowed them to steal Facebook access tokens which they could then use to take over people’s accounts. Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app."

Source: https://www.bleepingcomputer.com/news/se...-takeover/