Facebook data breach: 50 million users affected
Facebook founder Zuckerberg has just personally announced a security incident, and the hacker group has successfully stolen the API Token interface key for 50 million users.
The interface key is a feature that Facebook launches for user convenience. Anyone who successfully obtains a key can operate the account without using a password.
The vulnerability is in the “View As” function of Facebook to view strangers and random users. Hackers can use this vulnerability to create unlimited keys for users.
Under normal circumstances, the open interface will only be used by developers. For ordinary users, even if they apply for a key, they may not know how to use the key.
It is also true that Facebook has suddenly discovered that a large number of users have actively created keys since September 16, and then the company realized that there might be a problem and was maliciously attacked.
Facebook has not yet determined whether user information has been leaked:
The company’s initial announcement stated that the preliminary investigation did not reveal any information disclosure, but Facebook also found that hackers had begun using interface keys.
The hacker develops an application for information collection and then logs in using the user key. The ultimate goal of the hacker is to capture more detailed information from the user.
This means that there must have been user data hacked, and Facebook immediately resets the user’s interface key to invalidate the hacker’s key.
It is worth noting that Facebook does not need to change the password because the hacker logs in through the key instead of the password and cannot obtain the password through the key.