Welcome to WebmasterWorld Guest from 22.214.171.124
Forum Moderators: not2easy
... it’s clear that attackers exploited a vulnerability in Facebook’s code that impacted “View As” ...This allowed them to steal Facebook access tokens which they could then use to take over people’s accounts.
As a result, around 90 million people will now have to log back in to Facebook, or any of their apps that use Facebook Login. After they have logged back in, people will get a notification at the top of their News Feed explaining what happened.
[edited by: not2easy at 1:32 pm (utc) on Sep 29, 2018]
[edit reason] topic drift [/edit]
Ireland’s Data Protection Commission, which is Facebook’s lead privacy regulator in Europe, said Saturday that it has demanded more information from the company about the nature and scale of the breach, including which EU residents might be affected.
The number of potentially affected EU accounts is less than 10% of the 50 million accounts in total potentially affected by the security breach.
We have now analyzed our logs for all third-party apps installed or logged in during the attack we discovered last week. That investigation has so far found no evidence that the attackers accessed any apps using Facebook Login.
Any developer using our official Facebook SDKs — and all those that have regularly checked the validity of their users’ access tokens – were automatically protected when we reset people’s access tokens. However, out of an abundance of caution, as some developers may not use our SDKs — or regularly check whether Facebook access tokens are valid — we’re building a tool to enable developers to manually identify the users of their apps who may have been affected, so that they can log them out.
If you got one of those messages, there are a couple of things you can do: First, check on your friend’s account and make sure it’s not a clone of their real account (if you search their name and find two completely identical accounts, that’s a pretty good sign that one is a clone). And if you were messaged by a “clone” of your friend, then report [facebook.com] that account to Facebook -- cloned accounts violate Facebook’s Community Standards.
For 15 million people, attackers accessed two sets of information – name and contact details (phone number, email, or both, depending on what people had on their profiles). For 14 million people, the attackers accessed the same two sets of information, as well as other details people had on their profiles. This included username, gender, locale/language, relationship status, religion, hometown, self-reported current city, birthdate, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or Pages they follow, and the 15 most recent searches.
And if you were messaged by a “clone” of your friend, then report that account to Facebook -- cloned accounts violate Facebook’s Community Standards
...what little I ever let FB have...Well that's the FB ruse, that they let you control how much personal info you disclose.