Facebook Security Breach

Isabeau

Merdeuse
Joined
Sep 20, 2018
Messages
9,372
Location
Montréal
SL Rez
2007
Security Update | Facebook Newsroom
On the afternoon of Tuesday, September 25, our engineering team discovered a security issue affecting almost 50 million accounts. We’re taking this incredibly seriously and wanted to let everyone know what’s happened and the immediate action we’ve taken to protect people’s security.
Our investigation is still in its early stages. But it’s clear that attackers exploited a vulnerability in Facebook’s code that impacted “View As”, a feature that lets people see what their own profile looks like to someone else. This allowed them to steal Facebook access tokens which they could then use to take over people’s accounts. Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app.


...
 

Isabeau

Mark Zuckerberg

"I want to update you on an important security issue we've identified. We patched the issue last night and are taking precautionary measures for those who might have been affected. We're still investigating, but I want to share what we've already found:

On Tuesday, we discovered that an attacker exploited a technical vulnerability to steal access tokens that would allow them to log into about 50 million people's accounts on Facebook.

We do not yet know whether these accounts were misused but we are continuing to look into this and will update when we learn more.
We've already taken a number of steps to address this issue:

1. We patched the security vulnerability to prevent this attacker or any other from being able to steal additional access tokens. And we invalidated the access tokens for the accounts of the 50 million people who were affected – causing them to be logged out. These people will have to log back in to access their accounts again. We will also notify these people in a message on top of their News Feed about what happened when they log back in.

2. As a precautionary measure, even though we believe we've fixed the issue, we're temporarily taking down the feature that had the security vulnerability until we can fully investigate it and make sure there are no other security issues with it. The feature is called "View As" and it's a privacy tool to let you see how your own profile would look to other people.

3. As an additional precautionary measure, we're also logging out everyone who used the View As feature since the vulnerability was introduced. This will require another 40 million people or more to log back into their accounts. We do not currently have any evidence that suggests these accounts have been compromised, but we're taking this step as a precautionary measure.

We face constant attacks from people who want to take over accounts or steal information around the world. While I'm glad we found this, fixed the vulnerability, and secured the accounts that may be at risk, the reality is we need to continue developing new tools to prevent this from happening in the first place. If you've forgotten your password or are having trouble logging in, you can access your account through the @Help Center."
 

Dakota Tebaldi

Well-known member
VVO Supporter 🍦🎈👾❤
Joined
Sep 19, 2018
Messages
9,767
Location
Ohio
Joined SLU
02-22-2008
SLU Posts
16791
Yeah be aware guys - if these attackers managed to gain access tokens, 2-factor authentication wouldn't have protected your account.

My pseudonym Facebook account was still logged in when I went to the page just now, so I guess I'm one of the lucky ones. If you weren't, I would strongly suggest changing your password. Heck, I guess it would be a good idea to change your password either way.
 

Isabeau

I just deactivated mine. I wish I could simply delete it, but I still use Messenger for friends and family.
 

WolfEyes

Well known member no one knows
Joined
Sep 20, 2018
Messages
4,502
SL Rez
2004
Joined SLU
2009
Apparently I wasn't affected since I'm still logged in and the only site I use FB to log into is The Sims Resource. I recently removed my payment info so there's that. There's like 5 bucks in my checking just to keep it open.

I hope everyone else is safe, too. Even those who obviously don't like me.