CCU tells citizens to monitor updates after global Facebook hack

AMMAN — The Cyber Crime Unit (CCU) on Saturday called on citizens to follow the updates from Facebook and log out of all accounts and log in with their correct passwords, the Jordan News Agency, Petra, reported. 

The CCU stressed the need to review the security steps and any unusual changes in the account, and review the financial transactions of credit cards for users of Facebook.

Around 50 million accounts were exposed to hacking by exploiting the site’s “view as” feature, according Facebook’s news centre.

Facebook explained that the breach is due to a gap in the code of the “view as” feature, which enabled hackers to obtain the access tokens of these accounts.

Facebook admitted that 50 million accounts were accessed by hackers in the monumental security breach — allowing them to see personal info, photos and even private messages, UK-based, The Sun, reported.

Speaking to reporters, Facebook revealed the significant danger behind this hack: “Attackers could use the account as if they were the account holder.” 

“On the afternoon of Tuesday, September 25, our engineering team discovered a security issue affecting almost 50 million accounts”, said Facebook’s Guy Rosen, adding that “we’re taking this incredibly seriously and wanted to let everyone know what’s happened and the immediate action we’ve taken to protect people’s security”.

According to Facebook, the attackers exploited a vulnerability in the website’s code, affecting its “View As”, which is a feature that lets you see what your own profile looks like to someone else.

Access tokens are like digital keys that keep you logged into Facebook — so you don’t have to re-enter your password every time you use the app.

Facebook said it had “fixed the vulnerability”, and told law enforcement about the issue.

The world’s largest social network has also reset the access tokens for the 50million accounts that Facebook admits were affected.

Facebook said they were resetting access tokens for another 40 million accounts that have been subject to a “View As” look-up in the last year — as a precautionary measure.

This means that roughly 90million users will be logged out of Facebook, and any apps linked to Facebook.

Facebook said that there was no evidence private message had been accessed, but that hackers were able to “use [accounts] as if they were the account holder”.

However, Facebook confirmed that credit cards and passwords hadn’t been stolen.

Facebook has also temporarily turned off the “View As” feature so it can “conduct a thorough security review”.

On a conference call with reporters, Mark Zuckerberg declined to answer whether he would stand down as CEO, according to The Sun.

Instead, he said: “I’m glad that we found this and that we were able to fix the vulnerability and secure the accounts.

“It definitely is an issue that this happened in the first place.This underscores the attacks that our community faces,” He said, adding that “security is an arms race and we’re continuing to improve our defences”, The Sun reported.