Facebook’s Worst Security Breach
“On Sunday September 16 2018, engineers at Facebook detected some unusual activity on the social media platform’s networks. It was an attack, the biggest security breach in Facebook’s history. And it would take the company 11 more days to stop it,” says Donie Sullivan at the website CNN Business. Facebook said it affected 50 million users.
In its article “How Facebook was hacked and why it’s a disaster for Internet security,” Forbes said: “The perpetrator’s ultimate aim was to steal what are known as ‘OAuth bearer tokens.’ Essentially, these tokens prove the Facebook user is the rightful owner of an account and denote what they have access to. As Shadwell describes them: ‘OAuth tokens are like car keys, if you’re holding them you can use them, there’s no discrimination of the holder.’ And in the context of this attack, those keys unlocked not just Facebook accounts, but any site that affected users accessed with a Facebook login.”
Website Developer’s Perspective
Many websites today offer a different way to log in. You can redirect users to their Facebook account and have them log in there instead of at your own site. You can include a Facebook logo that they can click on. ASP.NET offers you an easy way to do this. You will need to set up a developer account at Facebook, but it’s free.
Considering the recent news, perhaps this is not such a great idea.
The Forbes article goes on to say: “To get those keys, the hackers abused a feature in Facebook called ‘View As.’ It allows any user to see what another can access on their profile. For instance, if you’ve blocked your dad from looking at your photos, you can check it’s working by effectively impersonating your father and viewing your profile.”
The website LifeHacker has a couple of suggestions to protect yourself. “First, hit up your Facebook settings and remove all the apps under ‘Active Apps and Websites.’ You can even go bigger. Under the ‘Apps, Websites and Games’ section under the ‘Preferences’ heading, click on ‘Edit,’ and then click ‘Turn Off.’ You’ll now no longer be tempted to sign into new services using your Facebook account, because that won’t work.”
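The "car keys" property of bearer tokens quoted above can be made concrete with a small sketch. This is an added example, not code from Facebook, Forbes, or the original page: a hypothetical service issues a plain bearer token, and then, going one step beyond the article, a holder-bound variant in which a copied token alone is not enough. All names, the token format, and the sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # signing key of the hypothetical service

def _mac(key: bytes, msg: str) -> str:
    return hmac.new(key, msg.encode(), hashlib.sha256).hexdigest()

def _same(a: str, b: str) -> bool:
    return hmac.compare_digest(a.encode(), b.encode())  # constant-time compare

def issue_bearer(user: str) -> str:
    """Bearer token: names the account, says nothing about who may present it."""
    return f"{user}.{_mac(SERVER_KEY, user)}"

def check_bearer(token: str):
    """Return the account if the token is genuine; the caller is never examined."""
    user, _, sig = token.rpartition(".")
    return user if user and _same(sig, _mac(SERVER_KEY, user)) else None

def issue_bound(user: str):
    """Holder-bound variant: a token plus a secret key that is handed over once
    at login and is never sent along with later requests."""
    token = issue_bearer(user)
    return token, _mac(SERVER_KEY, "pop:" + token).encode()

def sign_request(pop_key: bytes, request: str) -> str:
    """Client side: prove possession of the key by MACing the request line."""
    return _mac(pop_key, request)

def check_bound(token: str, request: str, proof: str):
    """Accept only if the token is genuine AND the proof matches this request.
    (A production scheme would also track nonces to reject replays.)"""
    user = check_bearer(token)
    if user is None:
        return None
    pop_key = _mac(SERVER_KEY, "pop:" + token).encode()
    return user if _same(proof, sign_request(pop_key, request)) else None

if __name__ == "__main__":
    copied = issue_bearer("alice")        # constructed sample account
    print(check_bearer(copied))           # accepted, whoever holds the copy
    token, key = issue_bound("alice")
    req = "GET /me nonce=1"               # constructed request line
    print(check_bound(token, req, sign_request(key, req)))        # real client
    print(check_bound(token, req, sign_request(b"no-key", req)))  # token only
```

The plain token is accepted from any caller, which is why a leaked one is equivalent to a login; the bound variant rejects a caller who has the token but not the key.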