Facebook Hack: How can your company avoid getting hacked? by Tiago Mendo

May 17, 2019

Image used from www.shopcatalog.com, all credit goes to  its author. 

On September 28th, Facebook announced it suffered an attack that affected almost 50 million users. The hack required the chaining of multiple vulnerabilities, being one of them in the “View As” feature, that help users control their privacy by previewing how other users see their profile.

These vulnerabilities provided the attackers with Access Tokens that could be used to access other accounts. You can think of these Access Tokens as something your device/app automatically sends to Facebook instead of your credentials. This prevents you from having to type your login and password everytime you open the Facebook app or other applications that use Facebook for authentication (e.g. Instagram).

What exact information was breached is yet to be determined, as well as the real number of affected users: as a precaution, Facebook reset Access Tokens for over 90 million users (almost twice the number of affected users).

Now imagine this happening to your company: you would have to tell the world you failed at protecting your users and be subject to fines under the GDPR, just to name a few consequences.

So, how do you protect your company from being hacked just like Facebook was?

Read the rest of this story with a free account.

Already have an account? Sign in

Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Inline Feedbacks
View all comments
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023
What certifications or qualifications do you hold?
Max. file size: 150 MB.

What level of experience should the ideal candidate have?
What certifications or qualifications are preferred?

Download Free eBook

Step 1 of 4


We’re committed to your privacy. Hakin9 uses the information you provide to us to contact you about our relevant content, products, and services. You may unsubscribe from these communications at any time. For more information, check out our Privacy Policy.