zlacker

[return to "Facebook Network Breach Impacts Up to 50M Users"]
1. dom96+D[view] [source] 2018-09-28 16:52:12
>>colone+(OP)
Some more details here: https://newsroom.fb.com/news/2018/09/security-update/
◧◩
2. sdwise+e1[view] [source] 2018-09-28 16:56:10
>>dom96+D
> But it’s clear that attackers exploited a vulnerability in Facebook’s code that impacted “View As”, a feature that lets people see what their own profile looks like to someone else. This allowed them to steal Facebook access tokens which they could then use to take over people’s accounts

oh boy, what a mess.

◧◩◪
3. erichu+F1[view] [source] 2018-09-28 16:59:54
>>sdwise+e1
User impersonation code always terrifies the bajeebus out of me.
◧◩◪◨
4. sp332+y3[view] [source] 2018-09-28 17:13:04
>>erichu+F1
You only get to see your own profile. It's a very useful tool to make sure you're not leaking data you people you'd rather not give it to.
◧◩◪◨⬒
5. seq+ec[view] [source] 2018-09-28 18:06:59
>>sp332+y3
Well, thanks to Facebooks "View As" functionality, I recently discovered that their privacy setting "Only Me" does not work for only me, if another person is tagged in the picture. Meaning that if I have a picture with my ex somewhere in profile, set to "Only Me", it actually means "Only me... and her".
◧◩◪◨⬒⬓
6. sp332+Hc[view] [source] 2018-09-28 18:11:16
>>seq+ec
Right, the interface isn't very clear but instead of "Only Me" it shows "Only Me (+)" and if you hover it says: "Only Me, Anyone tagged."
[go to top]