Facebook has been under speculative radars since it came into highlights for its indirect participation in Cambridge Analytica disinformation project that affected millions of users.
From that point, one of the largest social media portals stands amidst questions about protecting the data of its users. The most recent data breach that has affected 50 million users has further intensified the situation for Facebook on a global level.
Reports suggest that hackers this time exploited a feature Facebook’s code to access the personal information of Facebook users, after which they were able to gain control over users accounts. Guy Rosen, a vice president of product management at Facebook till now has not given any confirmation on whether the attack could have been coordinated by hackers supported by state actors.
The detailed investigation highlighted that hackers were able to exploit misaddressed build in vulnerabilities software flaws in Facebook’s systems. The hackers did not limit to hacking of generic accounts but also were able to break into accounts of top executives Mark Zuckerberg and Sheryl Sandberg. The worrisome part is since there is common sign up with Facebook for apps like Spotify, Instagram the hack will have affected them all.
As reported, Facebook said that flaws were compounded by a bug in video-uploading program for birthday celebrations, software introduced in July 2017. The flaw allowed the attackers to steal so-called access tokens — digital keys that allow access to an account.
Since the company forced more than 90 million users to log out early Friday, a common safety measure password of the user account of was not compromised but security researchers claimed that hackers could have easily use millions of secret access tokens to programmatically fetch information from each account using an API, without actually having your password or two-factor authentication code.
Facebook also claimed that it had taken note of the vulnerabilities and fixed the larger question remains that why a proactive approach towards addressing such vulnerabilities has been missing from the company.
Critics have expressed their concern over such frequent “Breaches don’t just violate our privacy. They create enormous risks for our economy and national security,”. The lawsuits on Facebook given the existing breach certainly has complicated things for the company but at the same time has also reminded the cyber security experts of the ever-growing vulnerabilities in the digital world.