- October 11, 2018
- Posted by: Lauren Orebo
- Category: Uncategorized

On September 28, 2018, Facebook reported to its users that their engineering team found a critical security issue three days prior that affected as many as 90 million of their users. Unlike in the past where security breaches were connected to third-party participants like Cambridge Analytica that accessed personal data, this newest vulnerability allowed hackers to access and control user accounts. While the View As bug was repaired by Facebook, it does little to correct the narrative that the social media giant is susceptible to other similar attacks in the future.
What Are Access Tokens?
The View As feature allowed users to see their profiles as other users did. Facebook allowed the attackers to capitalize on the coding to steal access tokens used to take control of the accounts. Access tokens are the credentials that access Facebook APIs and allow social media users to log in to the application and stay logged in without reinitiating the password upon return.
Facebook Response To Access Token Exposure?
Facebook first notified the public that they corrected the access token breach and notified the proper authorities so that a thorough investigation could occur. Secondly, they reset the access tokens of 50 million users who had accessed the View As feature as well as an additional 40 million users who may have been affected by the issue. If you were asked to log back into Facebook apps, it was because of your use of this feature which you would have received a notification from the platform upon initiation of a log-in. Facebook also temporarily deactivated the View As feature to give them time to conduct a full security review of data-breach issues.
Facebook noted that the attack on their code stemmed from a change made in July 2017 to their upload video feature which also caused a change in View As coding. It did not create an access token for the Facebook user looking but for the person being looked up. The security notification also noted that the attackers not only had to locate this vulnerability in the feature but also had to figure out how to veer from it to other user accounts to access more tokens. While they are sure of the problem, they were less direct about possible damage because of user data accessibility.
Is Facebook Doing Enough To Prevent Attacks?
Facebook has continually paid great attention to security and data privacy. As Facebook is the leader in social media, it is not unusual that it is the primary platform susceptible to attacks. This latest attack, however, is different in that it was preventable had they paid more attention to feature changes. Most especially when access tokens are used in coding, this latest breach sets a standard that more is needed in-house to prevent vulnerabilities when feature changes occur.
While our experts at Frogman Media Group cannot fix Facebook coding, we can help you manage your social media content creation, interaction, engagement, and comment and messaging monitoring. We will also help you with social media advertising and management. Want to know more? Contact sabrena@frogmanmediagroup.com or call 310-427-7706.