2 comments
1. IvyMik+(OP)
2018-09-28 17:51:53
This is an interesting point. Right now, I can't reconcile the "we canceled active sessions thus logging people out" as a fix with the fact that "View As" was the attack vector.
replies(2):
>>rstupe+C2
>>leddt+J7
2. rstupe+C2
2018-09-28 18:06:48
>>IvyMik+(OP)
It's likely the fix required killing active sessions, which causes new keys to be generated on sign-in.
3. leddt+J7
2018-09-28 18:42:51
>>IvyMik+(OP)
I'm guessing they invalidated all access tokens for accounts that have been used as "View As" targets since the issue was introduced.
They also disabled "View As" which is the actual fix for the time being.