zlacker

[return to "Facebook Network Breach Impacts Up to 50M Users"]
1. IvyMik+t4[view] [source] 2018-09-28 17:19:31
>>colone+(OP)
So here is a question: my girlfriend only uses FB on her laptop, and always logs out when she's done. I usually make fun of her for doing this.

But does this mean most of the time that there was no active access token and she is mostly safe? (Excluding the windows of time where she was actively using FB) Do I have to take back all of my teasing?

◧◩
2. modele+i5[view] [source] 2018-09-28 17:25:07
>>IvyMik+t4
I doubt it. The "View As" feature does not require the target to be currently logged in to Facebook AFAIK.
◧◩◪
3. IvyMik+z9[view] [source] 2018-09-28 17:51:53
>>modele+i5
This is an interesting point. Right now, I can't reconcile the "we canceled active sessions thus logging people out" as a fix with the fact that "View As" was the attack vector.
◧◩◪◨
4. leddt+ih[view] [source] 2018-09-28 18:42:51
>>IvyMik+z9
I'm guessing they invalidated all access tokens for accounts that have been used as "View As" targets since the issue was introduced.

They also disabled "View As" which is the actual fix for the time being.

[go to top]