Facebook hacked again - 50 million accounts at risk
December 19, 2019
The social network's developers learned of the break-in as early as September 25, but measures to protect accounts from the leak were taken only 3 days later.
On September 25, Facebook's developers reported a serious vulnerability in the protection of their social network. A huge security "hole" makes it possible to log in to a user's account by intercepting a session token. To keep accounts from being taken over, representatives of the world's largest social network terminated all sessions of the user accounts on September 28, that is, forcibly logged them out on the site and in all applications.
It is reported that the problem affected about 50 million accounts, but the logout was performed on 90 million accounts. Passwords and other important information were not leaked; it was user sessions that were compromised. The developers have assured users, as well as the police, that the vulnerability is fixed and that the threat was not a backdoor planted in advance. Facebook representatives are confident that the exploit was discovered and used by third parties for profit. However, there is not yet any accurate data on the compromised accounts or on the people behind the attack.
The vulnerability itself is related to the "View As" function, which lets you see your profile the way other users of the social network see it. It was while this function was in use that the user profile session could be intercepted. This is the session used on mobile devices so that the password does not have to be entered every time you log in to Facebook. For now, the "View As" function is disabled until a detailed security analysis of it is completed.
It is noteworthy that on September 28 the hacker Chang Hsi-yuan (Chang Chi-yuan) from Taiwan threatened to hold a live broadcast in which he would use a bug to delete Mark Zuckerberg's official Facebook page. But shortly before the stream, Chang said that he would not do it and that he had passed the information about the vulnerability to the social network's developers for a fee. Facebook representatives have made it clear that the Taiwanese hacker has no relation to the interception of sessions.