Facebook revealed last week that malicious actors may have obtained access tokens for 50 million accounts after exploiting several bugs related to the “View As” feature and a video uploader introduced last year.
Rahul Kashyap, CEO, Awake Security:
“The immediate challenge for Facebook is going to be identifying what accounts were touched, compared to which ones were truly compromised. The 50 million number could change as we often have seen with past breaches. But it is quite likely a subset of those were specifically taken over.
What will be revealing is whether there is a pattern to whose accounts were being targeted, and whether that pattern will help reveal the identity of the attackers. Facebook knows what it knows now, but it there’s always the possibility that attackers were able to get to more information. The large numbers in this breach could just be a decoy if threat actors were targeting specific individuals.”