Gamasutra: The Art & Business of Making Gamesspacer
View All     RSS
March 19, 2019
arrowPress Releases







If you enjoy reading this site, you might also want to check out these UBM Tech sites:


50 million Facebook accounts hit by account hijacking security exploit

50 million Facebook accounts hit by account hijacking security exploit

September 28, 2018 | By Alissa McAloon




Facebook has learned of a security vulnerability that has opened up millions of its users to account theft over the past year, though the company notes it is still investigating any impact the exploit has had to date.

While the exploit wasn’t related to Facebook’s game platform itself, the issue potentially affects 50 million Facebook accounts, making it an issue developers using the platform should be well aware of.

The issue itself is detailed in a blog post shared by Facebook and has since been fixed and reported to law enforcement. While the cause for the vulnerability seems to, by Facebook’s reports, be the result of several different small issues in the platform’s code, the core issue itself involved the “view as” feature that is intended to let a user see what information they’re showing other Facebook users. 

However, an issue with “View As” instead let attackers take access tokens from Facebook accounts and allow them to hijack those accounts themselves by using the tokens to log in as an exploited user. 

Facebook says that it has now reset the access tokens of the nearly 50 million accounts it knows to be affected, and has reset the access tokens for an additional 40 million accounts that aren’t known victims but had “View As” activity in the past year. Any affected users will have to log back into Facebook, both on the site and any third-party apps or locations using Facebook login, and have been sent a notice about the issue.

“Since we’ve only just started our investigation, we have yet to determine whether these accounts were misused or any information accessed,” reports Facebook. “We also don’t know who’s behind these attacks or where they’re based. We’re working hard to better understand these details — and we will update this post when we have more information, or if the facts change. In addition, if we find more affected accounts, we will immediately reset their access tokens.”



Related Jobs

Game Mechanic Studios
Game Mechanic Studios — North Hollywood, California, United States
[03.19.19]

Senior 3D Environment Artist
Skybox Labs
Skybox Labs — Vancouver, British Columbia, Canada
[03.18.19]

Software Engineer
Insomniac Games
Insomniac Games — Durham, North Carolina, United States
[03.18.19]

Sr. Environment Artist
Maximum Games
Maximum Games — Walnut Creek, California, United States
[03.15.19]

Release Manager









Loading Comments

loader image