When did you finally clock that being publicly tagged in that ‘Zante 2006 oi oi!!!’ Facebook photo album was a bad idea? It was probably in the midst of a job interview, on the bus home from a good date, or in the cold sweat of a heart-pounding night terror.
Whatever the situation, you probably performed a desperate deep dive into your Facebook privacy settings as soon as possible. You shut the digital curtains, superglued them together, and then you popped on to your profile and chose the ‘View As’ option to see what your freshly-wiped feed looked like to outsiders.
Ironically, it's that innocuous, privacy-conscious move that has left some 50 million users vulnerable to hackers, according to the Independent.
Attackers used the ‘View As’ feature to steal the digital keys (“access tokens”) from users who were searched for within the feature, eventually passing from Facebook friend to Facebook friend. It meant hackers could infiltrate the users’ account and all their linked profiles, including Instagram and Tinder.
"The vulnerability was on Facebook, but these access tokens enabled someone to use the account as if they were the account-holder themselves," said Guy Rosen, Facebook's vice president of product management, addressing the vulnerability in a blog post on Friday.
Facebook has addressed the bug, which also affected the “happy birthday” video function, by logging everyone out of their accounts and stopping the ‘View As’ option.
“There is no evidence that people have to take action such as changing their passwords or deleting their profiles," said a spokesperson for the National Cyber Security Centre.
“However, users should be particularly vigilant to possible phishing attacks, as if data has been accessed it could be used to make scam messages more credible.”
Nick Pope is the Site Director of Esquire, overseeing digital strategy for the brand.
