Today, European privacy regulators announced that Facebook may face a $1.63 billion fine from the European Union (EU) privacy watchdog over its latest data breach, which exposed the data of at least 50 million user accounts. The main cause of the breach was a vulnerability in the code of Facebook’s “View As” feature, which lets people see what their own profile looks like to someone else.
According to a report in The Wall Street Journal on Sunday, this vulnerability allowed the attackers to steal Facebook access tokens, and these tokens give access to Facebook accounts. Taking advantage of this, the attackers compromised 50 million accounts. Access tokens are the equivalent of digital keys that keep people logged in to the social network, so that you do not have to re-enter your password every time you use the app.
The good news is that the access tokens for those 50 million accounts have now been reset. This means you will find yourself logged out of Facebook if you were among the unlucky ones, and you will need to re-enter your password to log in to your account. There is no need to change your password, because the attackers cannot access your account without the access token.
Facebook is also taking steps to reset access tokens for another 40 million accounts that have been subject to a “View As” lookup in the last year. In total, 90 million accounts will need to log back in to Facebook. Once you log back in, Facebook will show a notification at the top of your News Feed explaining what happened to your account.
For now, Facebook is turning off the View As feature. A dedicated team will review the feature before it is made available again. According to law enforcement agencies, Facebook has fixed the vulnerability. Facebook is still investigating the whole incident.