Islamabad: As the investigation around the latest data breach involving Facebook continues, the company claims that it has patched the vulnerability and informed the law enforcement authorities.
Facebook has been under fire for the recent data breach that affected nearly 90 million users.
The news of this breach was first shared by the social media giant itself on Friday, September 28. In the blog post, Facebook’s VP Product Management Guy Rosen shared that a vulnerability in the “View As” feature of the app allowed unidentified hackers to get hold of access tokens and potentially take control of the Facebook accounts.
While the company is still investigating the matter, they instantly logged out 90 million accounts they believed could be affected. However, it is not clear to what extent the hackers were able to access the account information. More information may surface as the company investigates the breach.
Talking to Digital Rights Monitor, the Facebook spokesperson noted that initial investigations into the breach revealed that there was no evidence of third-party apps being accessed by hackers. “Facebook has also analyzed its logs for all third-party apps installed or logged in during the attack discovered last week. That investigation has so far found no evidence that the attackers accessed any apps using Facebook Login”.
The spokesperson also emphasized that the vulnerability was fixed and that users of affected accounts did not need to change passwords. It is interesting to note that some suggestions circulating in the aftermath of this breach also urged users to immediately change the passwords of their accounts, creating a panic-like situation for some users. However, the Facebook spokesperson said: “people who are having trouble logging back into Facebook — for example, because they’ve forgotten their password — should visit Facebook’s Help Center”.
Talal Raza is a Program Manager at Media Matters for Democracy. He has worked with renowned media organizations and NGOs including Geo News, The Nation, United States Institute of Peace and Privacy International.