The latest vulnerability on Facebook is estimated to have affected 50 million users whose accounts have been reset following the triple bug that was reported on September 25. Guy Rosen, VP of Product Management, states that the bug or security issue was reported on Tuesday which is estimated to have affected 50 million accounts. The cause of the security issue was the ‘View As’ which is a privacy feature on Facebook where the attackers are reported to have exploited the vulnerability.
The ‘View As’ Feature enables the users to view their own profile as someone else would see his/her profile. When a user accesses the ‘View As’ feature, Facebook access tokens are created which are digital keys that Facebook stores carrying the login credentials that enables the user to access Facebook on their smartphone or other devices without requiring to log in again and again.
According to Rosen, the vulnerability that would allow the attackers to post videos on profiles which were affected. Facebook has since fixed the vulnerability and has reset almost 50 million accounts and as a precautionary measure, the social media giant has reset the access tokens of other 40 million accounts that have accessed the feature from July 2017 which takes the toll to 90 million accounts.
The second line of precaution that Facebook has taken is that they turned off the View As feature from Facebook until the vulnerability can be fixed. Further, it has notified the law enforcement to take necessary actions to find attackers which might have exploited the vulnerability made up of three bugs which have since been fixed.
If your account was compromised, don’t worry because since Facebook has reset all the access tokens, your account will be logged out. When you check back on Facebook, you can log in again and that’s all. Facebook will notify the affected accounts about the vulnerability. This is another time when Facebook has been groped after its various vulnerability was discovered although it is fixed as of now.