A Facebook hack, or vulnerability, was found on Friday 28th September, which has led to the disabling of the “View As” feature.
“View As” was a handy feature which let you view your Facebook profile as a member of the public, or as a specific friend, letting you make sure your security settings were set as you wanted them for various groups of friends or for the public. The public view is also what Google searches and indexes from your profile.
How did the Facebook hack happen?
“Our investigation is still in its early stages. But it’s clear that attackers exploited a vulnerability in Facebook’s code that impacted ‘view as’, a feature that lets people see what their own profile looks like to someone else,” said Facebook’s vice president of product management Guy Rosen.
Mark Zuckerberg took to Facebook to explain the Facebook hack which has seen 50 million accounts compromised. It has been blamed on a code issue with the ‘view as’ feature. This has been disabled for now while the investigation continues, but the extent of the issue and what data was exploited is still unknown at the moment. The View As feature could be exploited to gain ‘access tokens’ of other users, which could lead to their profile being accessed by the hackers.
A simple statement is now in its place: “The ‘Preview my Profile’ feature is temporarily disabled. Please try again later.”
Any users whose access tokens were suspected to have been compromised were logged out and asked to log back in again when they next visited the site. We’d recommend you change your Facebook password now as a precaution anyway, although there is no evidence any actual passwords were compromised.
It’s not the first time Facebook has had issues with hacking or security. The company is now facing a class-action complaint filed on behalf of one California resident, Carla Echavarria, and one Virginia resident, Derick Walker. Both allege that Facebook’s lack of proper security has exposed them and additional potential class members to a significantly increased chance of identity theft as a result of the breach.