A Facebook Breach Let Hackers Access Tinder, Instagram And Spotify

A Facebook Breach Let Hackers Access Tinder, Instagram And Spotify

A Facebook Breach Let Hackers Access Tinder, Instagram And Spotify

More than 90 million people will need to log back into their Facebook account. According to the company hackers exploited the "View As" feature on the service and steps are being taken to fix the security problem.

Social networking behemoth Facebook has announced a breach which has compromised at least 50 million user accounts, and appears to extend to third-party services which use Facebook's single sign-on (SSO) system for authentication.

Social-media giant, Facebook shared that its company's engineers discovered the breach on Tuesday (25 September). The company says it has fixed the bugs.

Facebook said it still doesn't have a full picture of the incident and it's still investigating the breadth of the breach together with U.S. law enforcement agencies.

But because of the way the hack worked, it also gave attackers the same level of access to any accounts you use Facebook to log in with.

Tokens allow users to remain logged in to Facebook so they don't have to keep re-entering their password every time they want to access it. Fixing the vulnerability and informing law enforcement; 2. Facebook is also taking the precautionary step of resetting access tokens for another 40 million accounts that have been subject to a "View As" look-up in the past year.

The company also said it is temporarily disabling the "View As" feature until it conducts a security review.

It was recently reported that a security bug related to a vulnerability in Facebook's "view as" feature which allowed users to see what their own Facebook profile would look like to someone else, allowed hackers to steal the security tokens of other users accounts and use these to then access that user's account.

The vice-president of product management, Guy Rosen, also spoke on the conference, saying that the company has notified and was working with the Federal Bureau of Investigation. Ireland's Data Protection Commission said Facebook notified it of the breach within that time frame, though the report "lacked detail", the Journal added.

It also said it doesn't know what - if any - personal information was accessed.

Hurricane Rosa off Mexico could bring flooding, rip currents in US
The center of Rosa was expected to approach Baja California Monday, but is forecast to weaken to a tropical storm by that point. Sergio had winds of 60 mph Sunday morning and it was centered about 480 miles south of Manzanillo, Mexico.

Dozens hurt as typhoon Trami hammers Japan
The typhoon is expected to move up the country in a north-easterly direction over Sunday and into Monday. Cities in the expected path of the typhoon were already taking measures to mitigate possible danger.

Russian Federation to send newer, S-300 missile defense systems to Syria
Syria's Deputy Foreign Minister Faisal Mekdad said late Tuesday that the S-300 should have been given to Syria long ago. The Kremlin said Russia's decision was not targeted against anyone and only serves to protect Russian troops in Syria.

Zuckerberg followed that up by saying the company is "taking it really seriously", but that he is "glad that we found this and we're able to the secure accounts".

Anyway, Facebook has since now patched the vulnerabilities and revoked the affected access tokens that were stolen by hackers.

Facebook is the largest social media platform in the world.

But the occurrence of a security breach is not enough to warrant a fine, and the new privacy law's fines have yet to be tested.

Due to the hack, Facebook has already reset these access tokens.

The hacking was revealed by Facebook on Friday.

But a new revelation might further widen the impact of the security breach.

Chang said the event would happen at Sunday at 6 p.m. local time or 6 AM EST/ 3 AM PST.

A spokesperson for Ancestry told CNN, "While Ancestry does support Facebook login for some functions, we always require an additional Ancestry username and password to access sensitive account functions such as downloading your DNA data, changing your password, changing your email address or accessing payment information".

Related news