The social network asked everyone who could have been affected by the error to log in again.
The company has only just started an investigation, and the exact cause of the error is unknown. As a precaution, the social network “threw” 40 million people off the site, forcing them to re-authorize.
The social network explained that it takes the problem “incredibly seriously” and wants everyone to know what happened. The bug made it possible to steal access keys (tokens) to a page and use them to take over a profile. As Facebook explained, tokens can be thought of as digital keys that let users stay logged in on the site without having to re-enter their password each time.
The service said that it immediately took several actions to solve the problem: it closed the vulnerability and informed law enforcement. In addition, the company has reset access keys for 50 million people and is preparing to do the same for another 40 million users; all of them will have to log in to the social network again with a password.
Users will be “thrown out” of all applications where they were authorized via Facebook, for example, Tinder or Facebook Messenger. After logging in again, they will see a notice about what happened at the top of the news feed.
The company also disabled the feature that contained the vulnerability and is conducting a thorough investigation. As Facebook explained, the attack relied on several problems in the code. According to preliminary information, the error also appeared due to changes that were made in July 2017 during the update of the video download interface.
Facebook noted that it does not yet know whether anyone was actually able to use this vulnerability. The company’s engineers promised to talk about this once they understand the situation themselves.