Last week’s Facebook hack affecting 50 million users is being called the social media platform’s worst, with new information it has also impacted users of Tinder, Instagram and Spotify.
Facebook confirmed the hack via its Newsroom blog last Friday, citing the attackers took advantage of the platform’s “View As” feature.
The statement from Facebook VP of product management Guy Rosen said: “It’s clear that attackers exploited a vulnerability in Facebook’s code that impacted “View As” a feature that lets people see what their own profile looks like to someone else.
“This allowed them to steal Facebook access tokens which they could then use to take over people’s accounts.
“Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app.”
It has now been revealed the attackers also gained access to Facebook users’ other social media accounts through linked accounts.
Facebook called the linking between users’ accounts “access tokens”.
“Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app.”
“The attackers were then able to pivot from that access token to other accounts, performing the same actions and obtaining further access tokens.”
Given many social media users have their digital lives spread across multiple platforms which usually call for a Facebook login, there is little people can do to protect themselves from a hack without going into each app and untying their accounts with Facebook.
Speaking on what is being done at Facebook to prevent future attacks, Rosen added: “To protect people’s accounts, we’ve fixed the vulnerability.
“We have also reset the access tokens of the almost 50 million accounts we know were affected and we’ve also taken the precautionary step of resetting access tokens for another 40 million accounts that have been subject to a View As look-up in the last year.
“Finally, we’ve temporarily turned off the View As feature while we conduct a thorough security review.”
Information is scant about who was targetted and via which social media platform.
However, Facebook has confirmed two users impacted by the hack were Facebook CEO Mark Zuckerberg and COO Sheryl Sandberg.
