When you log into any social media platform, you are issued a unique app token, which is usually a hashed string. This allows us to avoid logging in everytime we want to access Facebook, LinkedIn, etc. Hashing this string is supposed to make it impossible for a hacker to brute force figure out. Yet, somehow, hackers have found a zero-day vulnerability in Facebook’s software, which has given them access to 50 million users’ tokens. With this, they presumably could access a user’s account and all of their account data. Also, when users do things on Facebook, such as make a post or like a picture, Facebook first checks their token to make sure they’re someone who is authorized to do these things. Hence, another risk, aside from data and information theft, is that hackers with these access tokens used them to do things on Facebook, like post advertisements or inflammatory posts, under someone else’s name.
https://thehackernews.com/2018/09/facebook-account-hack.html
Leave a Reply
You must be logged in to post a comment.