Serious flaw discovered in the security of Facebook's systems: the 90 million accounts probably affected by the hacker attack have been logged out.
On Friday evening the details emerged of the hacker attack suffered by Facebook, which hit an enormous number of profiles. Here is what happened.
A fiery week is ending for Facebook, one that required the utmost commitment from the Menlo Park engineers, in addition to collaboration with law enforcement agencies. All this work was needed to understand what really happened and how users' private information was exposed to great risk.
Mark Zuckerberg spoke about it in person for the first time, in an open and informal way, with a post on his profile explaining what happened, published to clarify the scope of the attack.
On Tuesday 25 September an engineer noticed a serious security flaw in Facebook's systems, reachable through a function that anyone can use on their own profile: it is called View As, an option that helps you manage your privacy. With it, each user can see how their profile appears to people who are not yet in their circle of friends; it is an additional tool for finding out which information is publicly shared and which remains confidential.
An update to the feature in 2017, as explained by Guy Rosen, Facebook's vice president of product management, introduced a bug that represents a flaw in the social network's security system. This bug allowed attackers not only to get information from 50 million registered people, but also access to their profiles and associated services.
Measures against the hacker attack on Facebook
Zuckerberg and his team described what has been done since the day of the discovery. First, the access tokens were invalidated: these are the digital keys that keep the user logged in to the Facebook application, avoiding the need to re-enter the password each time. The tokens of 50 million people were reset in this way, with the consequence that those users were automatically logged out and had to enter their password again to get back into their profile. Second, as a precaution, the offending View As function has been temporarily disabled, and another 40 million potentially involved profiles have been logged out in the same way: these are all the people who have used the function since July 2017.
The profiles involved, therefore, experienced an apparently unexplained logout, but Zuckerberg specifies that all accounts likely to have been affected have been secured and that it is not yet known whether sensitive information has been stolen or misused.
The investigation has only just begun, the company having informed the FBI to shed light on the issue; in the meantime, computer security experts advise changing passwords, despite Zuckerberg's statement that this precaution is superfluous.