Red Security

Full Version: Three Security Gaps Discovered in Facebook: After the fact.

In light of the recent Facebook hack, multiple flaws were found in the interaction between three software errors. This relates to the "View As" feature: for example, when someone wished a friend a happy birthday, they would be using a 2017 version of the video uploader, and this version would falsely generate an access token that mirrored the same rights as the mobile Facebook app.

Hackers abusing the "View As" feature would then receive these tokens, but not from their own profile; they would in fact be from the profile that they were viewing. They would then begin to make their way through different profiles and, using the tokens of these users, would visit other accounts and procure more tokens.

It is also suspected that some third-party services may have been affected. This would be done if a hacker utilized the single sign-on features using the same tokens that they stole. They can use these to sign in to other sites such as Google, Twitter, and others.

  This is so far a flesh wound in Facebook's reputation, one that has already been severely wounded due to past events in the last year or so. One could hope that Facebook doesn't drive the bullet any further, but after recent events, they appear to be quite talented at tripping over themselves. 


  This was a mid-afternoon report from...

  ----Sh7nk-Z0id
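
A minimal model of the flaw described in the post, with the guard and audit check a defender would want. This is an added example, not part of the original post and not Facebook's code. All names (`RenderContext`, `issue_token_flawed`, `issue_token_hardened`, `audit`, the scope strings) are hypothetical and the events are constructed.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class RenderContext:
    session_user: str        # the account that is actually logged in
    view_as: Optional[str]   # profile being previewed; None outside "View As"


@dataclass(frozen=True)
class Token:
    subject: str
    scope: str


class IssuanceRefused(Exception):
    pass


def issue_token_flawed(ctx: RenderContext) -> Token:
    # Models the described bug: the embedded component mints a token for the
    # profile being rendered, with the same rights as the mobile app.
    return Token(subject=ctx.view_as or ctx.session_user, scope="mobile_app")


def issue_token_hardened(ctx: RenderContext, scope: str = "video_upload") -> Token:
    # A preview render is read-only: no credentials are minted inside it.
    if ctx.view_as is not None:
        raise IssuanceRefused("token issuance is disabled inside View As")
    # Bind to the authenticated session only, with the narrowest scope needed.
    return Token(subject=ctx.session_user, scope=scope)


def audit(events):
    """Flag issuance events made during a preview or for a non-session subject."""
    return [e for e in events
            if e["view_as"] is not None or e["subject"] != e["session_user"]]


# Constructed issuance log entries for the audit check.
SAMPLE_EVENTS = [
    {"session_user": "alice", "view_as": None,  "subject": "alice", "scope": "video_upload"},
    {"session_user": "alice", "view_as": "bob", "subject": "bob",   "scope": "mobile_app"},
]

if __name__ == "__main__":
    print(issue_token_flawed(RenderContext("alice", "bob")))
    print(audit(SAMPLE_EVENTS))
```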