Facebook hack gets worse as company admits Instagram and other apps were exposed too
The Facebook hack is even worse than was at first clear, the company has admitted. The site had already admitted that a hole in its code would allow people to gain access to any account, in a problem that affected some 50 million users. But it later said that the problem would also affect its ‘Facebook Login’ service, which allows other apps to use people’s Facebook account to login.
The latest hack involved bugs in Facebook’s ‘View As’ feature, which lets people see how their profiles appear to others. The attackers used that vulnerability to steal the digital keys, known as ‘access tokens,’ from the accounts of people whose profiles were searched for using the ‘View As’ feature. The attack then moved along from one user’s Facebook friend to another.
Possession of those tokens would allow attackers to control those accounts. The nature of the hack means that there is little users can do to protect themselves. Facebook says it has already fixed the flaw by logging everyone out of their accounts and suspending the ‘view as’ feature.