On Saturday morning, I was surprised to see that I had been booted out of my Facebook account and was directed to a page where I was asked to asked to register, as though I were a new user. I didn’t think anything of it, but it appears I wasn’t the only one.
Via its newsroom, Facebook has confirmed that nearly 50 million accounts were found to be threatened by a security issue last week, and that many more could have been at risk. Among them were the accounts of myself, our Technical Director Darren and, not entirely surprisingly given his previous lax attitude to his own cyber security, Facebook CEO Mark Zuckerberg.
Company Vice President of Project Management Guy Rosen admits there was a code “vulnerability” affecting the ‘View As’ function of Facebook pages. This setting allows users to look at a person’s page as though they were somebody else, but it appears that in doing so, Facebook troublemakers were able to seize what Facebook calls ‘access tokens’. These allow users to log in temporarily and (supposedly) securely without re-entering their password, but could obviously cause chaos if acquired by hackers.
Facebook says that it has fixed the problem and reset the access tokens for the 50 million accounts it knows to have been at risk, along with another 40 million as a precaution. This actually means that 90 million users in total had to log in again following Facebook’s measures, so if you were one of them, there is some ambiguity over whether your page was directly at risk or was identified as one of the 40 million acted upon as a safeguard.
Either way, it’s a little disconcerting to learn that people were able to access details potentially affecting tens of millions of users’ online security, and one wonders how many other Facebook ‘vulnerabilities’ are waiting to be discovered. Appropriately, today is the start of European Cyber Security Month, and it appears that Facebook and other social media sites are going to have their work increasingly cut out as time advances and cybercrime becomes more of an issue. Indeed, this was over the same weekend in which a Taiwanese hacker had threatened to live stream himself hacking into Zuckerberg’s account before announcing he had cancelled the plans.
It’s a reminder that as individuals, we all have a responsibility to protect ourselves online by choosing secure passwords, watching who we share details with, and logging out of accounts where we can, particularly on shared devices. We also have a right to expect watertight security measures from major websites like Facebook, however, and while it seems that the site acted just in time, a more proactive rather than reactive approach to deterring cybercriminals might be a little more comforting.
- How to find a circular reference on Excel - May 23, 2024
- Five life skills learned from internet marketing - January 3, 2024
- How artificial intelligence can (and can’t) help you write content - September 29, 2023