Two vulnerabilities in Facebook’s “view as” feature — a feature that lets people see what their own profile looks like to someone else — were exploited by attackers who gained access to the personal information of about 50 million users, among them chief executive Mark Zuckerberg and chief operating officer Sheryl Sandberg, the company said on Friday.

Rahul Kashyap, chief executive of security outfit Awake Security, said the immediate challenge was for Facebook to identify the accounts that had been touched and those which had been compromised.

“The 50 million number could change as we often have seen with past breaches. But it is quite likely a subset of those were specifically taken over,” he said.

“What will be revealing is whether there is a pattern to whose accounts were being targeted, and whether that pattern will help reveal the identity of the attackers.”

“Facebook knows what it knows now, but there’s always the possibility that attackers were able to get to more information. The large numbers in this breach could just be a decoy if threat actors were targeting specific individuals.”
