Facebook shared a blog post today which says that it’s “View As” feature had the potential to allow hackers to take over Facebook accounts. And the flaw could have compromised information of more than 50 million accounts info to hackers. The social media giant has however declared that the discovered flaw was fixed and its users need not change their account passwords in a rush.
Although the investigation is still underway, a technical source from Facebook’s backend team reveals that the “View As” flaw allowed cyber crooks to gain access to tokens which are meant to keep users logged into their accounts over multiple sessions.
Note- Facebook’s View As feature allows users to look at their profiles as others see it.
Cybersecurity Insiders has learned that Facebook is investigating on how many of the stolen tokens were used and has taken a precautionary measure of resetting the access tokens on more than 90 million accounts a couple of hours ago.
Reuters says that the technical team of Facebook found the flaw on September 25th, 2018, but delayed to inform its user’s via media for reasons.
More details will be updated shortly!