Saturday, May 18, 2024

Hackers Exploited Facebook Zero-Day Flaw & Stolen 50 Million Accounts Access Tokens

Facebook security breach, hackers steal more than 50 million accounts access tokens by exploiting a bug in View As a feature.

The access token contains information such as security credentials for a login session, user identity, and the permission. By having the access tokens hackers can take over user accounts without account passwords and without completing two-factor authentication.

Facebook Security Breach Noticed

Facebook noticed the Bug on September 25 and they said the bug was fixed now and reported to law enforcement agencies. Facebook not revealed any technical details of the vulnerability.

The social media giant said “we have reset the access tokens of the almost 50 million accounts and as a precautionary step of resetting access tokens for another 40 million accounts that have been subject to a “View As” look-up in the last year,” reads Facebook security breach update.

So as the token reset the affected users need to lo back in with the Facebook or any other apps that use Facebook login.

Facebook made changes with code for View as a feature while introducing video uploading feature in July 2017 and the attackers found the vulnerability in the code and use it to get the access tokens.

Temporarily facebook turned off View as a feature, that lets you see how your profile looks for others.

The social media giant said we just started the investigation, we have yet to determine whether these accounts were misused or any information accessed. We also don’t know who’s behind these attacks or where they’re based.

Facebook under heavy criticism after Cambridge Analytica scandal which impacts more than 87 Million users and thereafter many Quiz app NameTests spotted exposing more than 120 million users personal data publically in third-party sites.

In a recent analysis report, more than 25,000 it was found that Malicious Apps Use Facebook APIs to Obtain a Range of Information.


Latest articles

Norway Recommends Replacing SSLVPN/WebVPN to Stop Cyber Attacks

A very important message from the Norwegian National Cyber Security Centre (NCSC) says that...

New Linux Backdoor Attacking Linux Users Via Installation Packages

Linux is widely used in numerous servers, cloud infrastructure, and Internet of Things devices,...

ViperSoftX Malware Uses Deep Learning Model To Execute Commands

ViperSoftX malware, known for stealing cryptocurrency information, now leverages Tesseract, an open-source OCR engine,...

Santander Data Breach: Hackers Accessed Company Database

Santander has confirmed that there was a major data breach that affected its workers...

U.S. Govt Announces Rewards up to $5 Million for North Korean IT Workers

The U.S. government has offered a prize of up to $5 million for information...

Russian APT Hackers Attacking Critical Infrastructure

Russia leverages a mix of state-backed Advanced Persistent Threat (APT) groups and financially motivated...

Millions Of IoT Devices Vulnerable To Attacks Leads To Full Takeover

Researchers discovered four significant vulnerabilities in the ThroughTek Kalay Platform, which powers 100 million...
Guru baran
Guru baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Free Webinar

Live API Attack Simulation

94% of organizations experience security problems in production APIs, and one in five suffers a data breach. As a result, cyber-attacks on APIs increased from 35% in 2022 to 46% in 2023, and this trend continues to rise.
Key takeaways include:

  • An exploit of OWASP API Top 10 vulnerability
  • A brute force ATO (Account Takeover) attack on API
  • A DDoS attack on an API
  • Positive security model automation to prevent API attacks

Related Articles