Millions of Facebook accounts breached by access-token-harvesting attack


(James) #1

About a week ago Facebook reset logins for millions of customers in an effort to mitigate its most recent data breach. This data breach may have exposed almost 50 million accounts. The data breach was possible due to three bugs in Facebook's code. The three bugs were introduced upon the release of Facebook's new video uploader in July of 2017. Zuckerberg stated a week ago that the attack made use of the "View as" feature.

The first bug of the attack originated from the "View as" function. This bug was that the video uploader was present when using the "View as" function, which was not the expected behavior. The second bug of this attack came from the fact that when activating the video uploader, a single sign-on token was created. The third bug included in this attack was that the single sign-on token created used the identity of the individual the user was viewing the page as, instead of the user's own identity. Guy Rosen, Facebook's vice president of product management, stated "We saw this attack being used at a fairly large scale," and "The attackers could get an access token, pivot to other accounts, and look up other users to get further access tokens."

This vulnerability allowed attackers to essentially generate single sign-on tokens for users and use these tokens to access websites and applications that use Facebook's single sign-on API. Since this vulnerability has been made public, Facebook has contacted the FBI, patched these three bugs and disabled the "View as" feature. As of right now, Facebook has not indicated that a specific group of users was targeted in this attack.
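The third bug described above (a token minted for the identity being previewed rather than for the logged-in user) is the kind of defect a token issuer can rule out structurally. The following is an added illustration, not code from Facebook or from this thread; the `Session` shape, the `view_as` field, the demo key and the token format are all assumptions made up for the example.

```python
"""Added example: a session carries the authenticated user and, optionally, a
'view as' impersonation target that should affect rendering only. The
vulnerable issuer mints a token for whichever identity the page is rendered
as; the fixed issuer binds the subject to the authenticated user and refuses
to mint at all while an impersonation preview is active."""
from dataclasses import dataclass
from typing import Optional
import base64
import hashlib
import hmac
import json

SECRET = b"constructed-demo-key"  # constructed for the example, not a real key


@dataclass
class Session:
    user_id: str                   # the account that actually logged in
    view_as: Optional[str] = None  # identity being previewed, rendering only


def _sign(payload: dict) -> str:
    """Serialise and HMAC a payload; a stand-in for a real token format."""
    body = base64.urlsafe_b64encode(json.dumps(payload, sort_keys=True).encode()).decode()
    mac = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{mac}"


def token_subject(token: str) -> str:
    """Verify the MAC and return the 'sub' claim the token was issued for."""
    body, mac = token.split(".")
    expected = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):
        raise ValueError("bad signature")
    return json.loads(base64.urlsafe_b64decode(body))["sub"]


def mint_token_vulnerable(session: Session) -> str:
    # Mirrors the flaw in the post: the subject is the identity the page is
    # currently rendered as, so a preview of another user yields their token.
    rendered_as = session.view_as or session.user_id
    return _sign({"sub": rendered_as, "scope": "sso"})


class ImpersonationError(Exception):
    pass


def mint_token_fixed(session: Session) -> str:
    # Credentials are never issued from an impersonation context, and the
    # subject is always the authenticated principal, never the previewed one.
    if session.view_as is not None:
        raise ImpersonationError("token issuance disabled during View As preview")
    return _sign({"sub": session.user_id, "scope": "sso"})
```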

(Doug) #2

I didn't realize that the exploit was so simple. Facebook is going to have to really do better; they've lost almost all credibility in the last 2 years due to poor data practices and lax security.

(Howard) #3

Adding to the confusion are the Facebook users who are forwarding these warnings they copied and pasted into Messenger messages. In addition I have received several of these messages with video clips. That was a red flag. That makes me think that in the midst of this confusion scammers are taking advantage of the chaotic fallout from the token event and phishing users in frenzied waters. That could be the wave that follows the event.

(Howard) #4

In the aftermath of the token grab, a hoax is being forwarded by users. From Lisa Vaas's blog at Sophos:

"Are your Facebook friends bellyaching about having received another friend request from you? Specifically, sending you a message that reads uncannily like this one?

Hi … I actually got another friend request from you yesterday … which I ignored so you may want to check your account. Hold your finger on the message until the forward button appears … then hit forward and all the people you want to forward to … I had to do the people individually. Good Luck!

It doesn’t make sense if you stop and think about it.

Why would you have sent a friend request to somebody you're already friends with? And then why in the world would you uncritically send this message to your Facebook friends?

The short answers are that you wouldn’t and you shouldn’t.

You should delete the message and ignore the instructions to forward it because it’s a hoax, trying to get you to believe that your account has been cloned."

(freelancing skill) #5

I also read this news earlier, but I came to know that all of the accounts which were banned are fake Facebook accounts or dead accounts because of spam and fake activity.