Author: Brian Barrett / Source: WIRED
On Friday, Facebook revealed that it had suffered a security breach that impacted at least 50 million of its users, and possibly as many as 90 million. What it failed to mention initially, but revealed in a followup call Friday afternoon, is that the flaw affects more than just Facebook.
If your account was impacted it means that a hacker could have accessed any account that you log into using Facebook.That’s a lot of them. You can read a fuller accounting of the hack here, but essentially it combines three bugs relating to Facebook’s “View As” feature, which lets users see what their profiles look like when other people view them. A video upload tool—intended to enable “Happy Birthday” videos—would erroneously appear on the “View As” page, and provide the access token of whomever the hacker searched for.
Facebook initially responded by logging out both the 50 million people it knows were affected by the attack, and an additional 40 million who were looked up with the “View As” tool in the last year. It also hit pause on the “View As” feature. But the second revelation Friday indicates that the fallout may be far more widespread than initially indicated.
Beyond the impact on Facebook accounts themselves, the company confirmed that breach impacted Facebook’s implementation of Single Sign-On, the practice that lets you use one account to log into others. The idea is to use a trusted service—like Facebook Google, Twitter, and so on—to log into sites and services across the web, rather than create a unique profile for each one.
That saves time, and ensures you’re logging in through an entity you trust. In this case, it also appears to have potentially made Facebook’s breach an internet-wide calamity, at least for those impacted.“The access token enables someone to use the account as if they were the account holder…
The post The Facebook Security Meltdown Exposes Way More Sites Than Facebook appeared first on FeedBox.