Image used from www.shopcatalog.com, all credit goes to its author.
On September 28th, Facebook announced it suffered an attack that affected almost 50 million users. The hack required the chaining of multiple vulnerabilities, being one of them in the “View As” feature, that help users control their privacy by previewing how other users see their profile.
These vulnerabilities provided the attackers with Access Tokens that could be used to access other accounts. You can think of these Access Tokens as something your device/app automatically sends to Facebook instead of your credentials. This prevents you from having to type your login and password everytime you open the Facebook app or other applications that use Facebook for authentication (e.g. Instagram).
What exact information was breached is yet to be determined, as well as the real number of affected users: as a precaution, Facebook reset Access Tokens for over 90 million users (almost twice the number of affected users).
Now imagine this happening to your company: you would have to tell the world you failed at protecting your users and be subject to fines under the GDPR, just to name a few consequences.
So, how do you protect your company from being hacked just like Facebook was?
Read the rest of this story with a free account.
Already have an account? Sign in
Author
- BlogSeptember 23, 2023Leveraging AI in Cybersecurity: Transforming Threat Detection, Prevention, and Beyond
- BlogAugust 24, 2023How Simply Browsing The Internet Gives Scammers An Advantage – And What You Can Do About It
- BlogJuly 1, 2022WEF - WiFi Exploitation Framework
- BlogMay 19, 2022Osmedeus is a Workflow Engine for Offensive Security