In our latest security news digest, we check out the Facebook hack heard ’round the world, a Twitter bug that rattled users but may not amount to much, and a pair of serious Linux kernel vulnerabilities.
Facebook scrambles to investigate major breach affecting tens of millions of users
The cyber security world shook on Friday upon learning that attackers exploited a software flaw on Facebook that allowed them to obtain access tokens for 50 million accounts, with another 40 million accounts possibly also affected.
Equally or even more concerning: The purloined tokens could have been used to access accounts in other websites into which their users log in with their Facebook credentials, such as Spotify and AirBnB.
Facebook inadvertently introduced the bug in July of last year. After investigating unusual activity detected in mid-September of this year, Facebook discovered the attack last week.
The attack has made global headlines since its disclosure on Sept. 28, and has naturally drawn scrutiny from security experts, government regulators, Facebook users, and industry observers.
“It’s surprising to me that as popular as Facebook is, no white hat hacker ever discovered and reported this flaw in the past, neither an external pen tester nor Facebook’s internal IT security team,” Paul Bischoff, privacy advocate with Comparitech, told Dark Reading.