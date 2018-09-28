Gamasutra: The Art & Business of Making Gamesspacer
SEARCH
GO
GAME JOBS
updates Blogs contractors newsletter store
SEARCH
GO

arrow
PROGRAMMING
spacer
ART
spacer
AUDIO
arrow
DESIGN
arrow
PRODUCTION
arrow
BIZ/MARKETING

arrowLatest Jobs
View All     RSS
September 28, 2018
arrowLatest Blogs
View All     Post     RSS
September 28, 2018
arrowPress Releases
September 28, 2018
Games Press
View All     RSS
arrowAbout
  • Editor-In-Chief:
    Kris Graft
  • Editor:
    Alex Wawro
  • Contributors:
    Chris Kerr
    Alissa McAloon
    Emma Kidwell
    Bryant Francis
    Katherine Cross
  • Advertising:
    Libby Kruse
Contact Gamasutra
Report a Problem
Submit News
Comment Guidelines
Blogging Guidelines
How We Work
Sponsor
arrowGama Network
If you enjoy reading this site, you might also want to check out these UBM Tech sites:
Game Career Guide
Indie Games

50 million Facebook accounts hit by account hijacking security exploit

50 million Facebook accounts hit by account hijacking security exploit

September 28, 2018 | By Alissa McAloon
September 28, 2018 | By Alissa McAloon
Comments
    Post A Comment
More: Console/PC, Social/Online

Facebook has learned of a security vulnerability that has opened up millions of its users to account theft over the past year, though the company notes it is still investigating any impact the exploit has had to date.

While the exploit wasn’t related to Facebook’s game platform itself, the issue potentially affects 50 million Facebook accounts, making it an issue developers using the platform should be well aware of.

The issue itself is detailed in a blog post shared by Facebook and has since been fixed and reported to law enforcement. While the cause for the vulnerability seems to, by Facebook’s reports, be the result of several different small issues in the platform’s code, the core issue itself involved the “view as” feature that is intended to let a user see what information they’re showing other Facebook users. 

However, an issue with “View As” instead let attackers take access tokens from Facebook accounts and allow them to hijack those accounts themselves by using the tokens to log in as an exploited user. 

Facebook says that it has now reset the access tokens of the nearly 50 million accounts it knows to be affected, and has reset the access tokens for an additional 40 million accounts that aren’t known victims but had “View As” activity in the past year. Any affected users will have to log back into Facebook, both on the site and any third-party apps or locations using Facebook login, and have been sent a notice about the issue.

“Since we’ve only just started our investigation, we have yet to determine whether these accounts were misused or any information accessed,” reports Facebook. “We also don’t know who’s behind these attacks or where they’re based. We’re working hard to better understand these details — and we will update this post when we have more information, or if the facts change. In addition, if we find more affected accounts, we will immediately reset their access tokens.”

Related Jobs

Phosphor Studios
Phosphor Studios — Chicago, Illinois, United States
[09.27.18]
Unreal Programmer
Schell Games
Schell Games — Pittsburgh, Pennsylvania, United States
[09.26.18]
Senior Unreal Game Engineer
Schell Games
Schell Games — Pittsburgh, Pennsylvania, United States
[09.26.18]
Senior Designer
Bohemia Interactive
Bohemia Interactive — Mníek pod Brdy, Czech Republic
[09.26.18]
Game Programmer


[View All Jobs]


Top Stories

Using interior mapping to render rooms without geometry
Devs will need to code creatively to get the most out of the Oculus Quest
Blog: Understanding triple-A, startups, and mobile with Richard Khoo
Three pain points in the production and design of Shadow of the Tomb Raider


[Next News Story]    [View All]


Loading Comments
loader image