Facebook announced last week that an attack on its network exposed the personal information of about 50 million users.
Facebook discovered the breach last week: the attackers exploited a bug in the "View As" feature to steal users' access tokens and take over their accounts.
Facebook identified the flaw exploited in the attack, has already fixed it, and immediately launched an investigation into the issue.
Guy Rosen, Facebook's VP of Product Management, explained that the attackers exploited a vulnerability in Facebook's "View As" feature that allowed them to steal Facebook access tokens. Those tokens could then be used to take over people's accounts.
“On the afternoon of Tuesday, September 25, our engineering team discovered a security issue affecting almost 50 million accounts.” stated Guy Rosen, Facebook VP of Product Management.
“Our investigation is still in its early stages. But it’s clear that attackers exploited a vulnerability in Facebook’s code that impacted “View As”, a feature that lets people see what their own profile looks like to someone else. This allowed them to steal Facebook access tokens which they could then use to take over people’s accounts.”
Facebook disabled the "View As" feature in response to the incident. The company reset the access tokens of the almost 50 million affected accounts and, as a precaution, also reset them for another 40 million accounts.
“Second, we have reset the access tokens of the almost 50 million accounts we know were affected to protect their security. We’re also taking the precautionary step of resetting access tokens for another 40 million accounts that have been subject to a “View As” look-up in the last year. As a result, around 90 million people will now have to log back in to Facebook, or any of their apps that use Facebook Login. After they have logged back in, people will get a notification at the top of their News Feed explaining what happened.” continues Guy Rosen.
“Third, we’re temporarily turning off the “View As” feature while we conduct a thorough security review.”
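The remediation Rosen describes, resetting access tokens so that any token the attackers stole stops working and the user has to log in again, is a server-side invalidation of every outstanding token for a set of accounts. The following is an added example to illustrate that mechanism; it is not Facebook's code and nothing on the page describes Facebook's token store. It assumes a hypothetical in-memory store in which each user carries a "generation" counter, and the affected and precautionary account sets are constructed inputs.

```python
import secrets
from dataclasses import dataclass, field


@dataclass
class TokenStore:
    """Toy access-token store (added example, not Facebook's implementation).

    Every user has a generation counter. A token records the generation it
    was issued under; bumping a user's generation invalidates all tokens
    issued to that user without having to enumerate the tokens themselves.
    """
    generation: dict = field(default_factory=dict)  # user_id -> int
    tokens: dict = field(default_factory=dict)      # token -> (user_id, gen)

    def issue(self, user_id: str) -> str:
        """Issue a fresh opaque token bound to the user's current generation."""
        gen = self.generation.setdefault(user_id, 0)
        token = secrets.token_urlsafe(32)
        self.tokens[token] = (user_id, gen)
        return token

    def verify(self, token: str):
        """Return the user_id if the token is still valid, otherwise None."""
        entry = self.tokens.get(token)
        if entry is None:
            return None
        user_id, gen = entry
        if gen != self.generation.get(user_id):
            return None  # tokens for this user were reset after issuance
        return user_id

    def reset_tokens(self, user_ids) -> int:
        """Invalidate every outstanding token for the given users.

        Returns the number of accounts whose tokens were reset.
        """
        count = 0
        for uid in set(user_ids):
            self.generation[uid] = self.generation.get(uid, 0) + 1
            count += 1
        return count


def respond_to_incident(store: TokenStore, known_affected, view_as_lookups) -> int:
    """Reset tokens for the known-affected accounts plus the precautionary set.

    `view_as_lookups` stands in for the accounts that were the target of a
    "View As" look-up in the lookback window (constructed input here).
    """
    to_reset = set(known_affected) | set(view_as_lookups)
    return store.reset_tokens(to_reset)


def demo() -> dict:
    """Walk through theft, reset and re-login on constructed accounts."""
    store = TokenStore()
    stolen = store.issue("alice")        # token the attacker obtained
    bystander = store.issue("bob")       # bob was a "View As" target last year
    unrelated = store.issue("carol")     # carol is not in either set

    valid_before = store.verify(stolen) == "alice"
    reset_count = respond_to_incident(
        store, known_affected={"alice"}, view_as_lookups={"bob"}
    )
    return {
        "valid_before": valid_before,
        "reset_count": reset_count,
        "stolen_still_valid": store.verify(stolen) is not None,
        "bob_valid": store.verify(bystander) is not None,
        "carol_valid": store.verify(unrelated) == "carol",
        # alice logs back in and receives a token under the new generation
        "alice_relogin_valid": store.verify(store.issue("alice")) == "alice",
    }


if __name__ == "__main__":
    print(demo())
```

Bumping a per-user counter rather than deleting individual tokens is what makes a reset of tens of millions of accounts cheap: the store never has to find the stolen tokens, only to refuse anything issued under an older generation. The cost is one extra lookup on every verification, and any cache of the generation values must be invalidated at the same time or stale tokens keep working.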
Facebook revealed that the bug exploited by the attackers was introduced by a change to the video upload feature deployed in July 2017.
“We’re taking it really seriously,” Mark Zuckerberg, the company’s chief executive, said in a conference call with reporters. “We have a major security effort at the company that hardens all of our surfaces.” He added: “I’m glad we found this. But it definitely is an issue that this happened in the first place.”
Facebook will detail the problem once the investigation is complete.
Pedro Tavares is a professional in the field of information security working as an Ethical Hacker/Pentester, Malware Researcher and also a Security Evangelist. He is also a founding member at CSIRT.UBI and Editor-in-Chief of the computer security blog seguranca-informatica.pt.
In recent years he has invested in the field of information security, exploring and analyzing a wide range of topics, such as pentesting (Kali Linux), malware, exploitation, hacking, IoT and security in Active Directory networks. He is also a freelance writer (Infosec Resources Institute and Cyber Defense Magazine) and developer of the 0xSI_f33d, a feed that compiles phishing and malware campaigns targeting Portuguese citizens.