Facebook Hack: How can your company avoid getting hacked? by Tiago Mendo

Image used from www.shopcatalog.com, all credit goes to  its author.  On September 28th, Facebook announced it suffered an attack that affected almost 50 million users. The hack required the chaining of multiple vulnerabilities, being one of them in the “View As” feature, that help users control their privacy by previewing how other users see their profile. These vulnerabilities provided the attackers with Access Tokens that could be used to access other accounts. You can think of these Access Tokens as something your device/app automatically sends to Facebook instead of your credentials. This prevents you from having to type your login and password everytime you open the Facebook app or other applications that use Facebook for authentication (e.g. Instagram). What exact information was breached is yet to be determined, as well as the real number of affected users: as a precaution, Facebook reset Access Tokens for over 90 million users (almost....