Did You Get Logged Out of Facebook? It's Because 50 Million People Got Hacked

The bad news for Facebook’s users just won’t end. Today Facebook had to admit that the accounts for 50 million people were somehow accessed by hackers abusing a little-known feature.

The “View As” feature gives you the ability to see what your profile looks like to somebody else—so you can check to see whether your privacy settings are being correctly applied, for example.

Hackers were able to abuse a security hole in this feature to steal access tokens to take over people’s accounts—basically, the login cookies that keep you logged in. This is not unlike the session hijacking attacks that were starting to be prevalent a number of years ago by people sniffing network traffic at hotspots. It’s one of the reasons you’d always want to use a VPN, and why the web has been switching to HTTPS. Except, in this case, the bug was in Facebook’s code so nothing could protect you.

The problem appeared to be in a video uploader for sending messages, which shouldn’t have shown on the View As page, but it did. Once that video uploader was opened, the bug would then essentially log the hacker in as the account that the profile was being viewed as. So they could then harvest everybody’s friends list, exploiting the bug to log in as every single friend of a friend until 6 degrees of Kevin Bacon later, they had accessed 50 million accounts.
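
The flaw described above, modeled as an added example (not Facebook's code, which this page does not show): a component that mints a login token from the "viewed as" identity instead of the authenticated user, next to a hardened version. `RenderContext`, the function names and the HMAC token format are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

SERVER_KEY = secrets.token_bytes(32)  # constructed signing key for the demo


@dataclass(frozen=True)
class RenderContext:
    actor_id: str          # the authenticated user who sent the request
    view_as_id: str        # whose perspective the page is rendered from
    preview: bool = False  # True while rendering a "View As" style preview


def _sign(user_id: str) -> str:
    mac = hmac.new(SERVER_KEY, user_id.encode(), hashlib.sha256).hexdigest()
    return f"{user_id}.{mac}"


def token_owner(token: str):
    """Return the user a token authenticates as, or None if it is forged."""
    user_id, _, mac = token.rpartition(".")
    expected = hmac.new(SERVER_KEY, user_id.encode(), hashlib.sha256).hexdigest()
    return user_id if user_id and hmac.compare_digest(mac, expected) else None


def mint_token_vulnerable(ctx: RenderContext) -> str:
    # Flaw: identity is taken from the rendering perspective, so a widget
    # embedded in a preview hands the viewer a token for the previewed user.
    return _sign(ctx.view_as_id)


def mint_token_hardened(ctx: RenderContext) -> str:
    # Credential-issuing widgets are refused outright in a preview render.
    if ctx.preview:
        raise PermissionError("token minting is disabled in preview context")
    # Outside previews, the token is bound to the authenticated actor only.
    return _sign(ctx.actor_id)
```

The hardened path applies two independent checks, so a widget that leaks into a preview fails closed even if the identity binding is later changed.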

What You Need to Know

Update: We now know that it’s very likely other applications using Facebook login were affected, and hackers could have accessed stuff like Instagram, Tinder, Spotify, or any number of other things.

Details on this debacle are very thin at this point, but here are the things that we do know:

  • 50 million accounts were accessed.

  • Facebook logged out 90 million people to be safe.

  • This bug was fixed.

  • Taking over a session cookie will not let an attacker access your password.

  • We don’t know anything about how much data they were able to access or whether it affects third-party apps that use Facebook logins.

  • You’ll get a notice at the top of Facebook letting you know what happened.

  • There’s really nothing else you can do at this point.

Facebook has completely disabled the View As feature while they investigate how it all happened, how much data was lost, and how they can solve the problem going forward.

This data breach, combined with the recent news that Facebook is collecting shadow profiles and using your email address to target ads, is going to ramp up calls for GDPR-style regulation over these internet giants. As well it should.

Translated from: https://www.howtogeek.com/fyi/did-you-get-logged-out-of-facebook-its-because-50-million-people-got-hacked/
