This week, Facebook informed users that it partially restored a privacy feature that was abused by hackers last year as part of an attack that had an impact on 29 million accounts.
In late September 2018, the social media giant informed customers that hackers used a series of vulnerabilities to steal tokens to access 50 million Facebook accounts. The company later told users that the attack, allegedly started by spammers who wanted to make a profit by disappointing advertising, actually affected just 29 million accounts.
According to Facebook, hackers have access to names, telephone numbers and email addresses for 15 million of the affected users. They also accessed gender, hometown, date of birth, religion and information on the places they checked in for the remaining 14 million.
Facebook disabled access tokens for almost 90 million accounts as a response to this violation and launched a tool to let users know whether or not their account is affected.
Three different defects affected the “View As” feature and a version of the July 2017 Facebook video uploader interface.
“View as” is a privacy feature that shows users how other users see their profiles, including friends or users with whom they are not friends. The feature helps users to ensure that information is only shared with the intended audience.
After a massive breach, Facebook disabled the “View As” feature, but this week it has partially re-enabled it. Updating its initial blog post and Twitter, the company stated that after its security review, it restored the “View as Public” feature and that it was not involved in the incident.
The function “View as a specific person” is still disabled. But Facebook says the version of “View As Public” was a lot more popular. Facebook is likely to gradually restore the feature, as it is not yet available to all users.
