Facebook VP Carolyn Everson stated during a recent panel that Facebook’s latest user data leak was “sophisticated” and hackers would have had to know about three different Facebook bugs to pull it off.
During a recent Advertising Week panel Facebook’s vice president of global marketing solutions, Carolyn Everson, explained that Facebook’s latest user data breach which affected the accounts of 50 million people was a “sophisticated attack.” Everson stated: “This was an attack, an attack that would require people to understand three different bugs.”
Everson further said that the attackers were like an “odorless, weightless intruder that walked in” that could only be detected by Facebook “once they made a certain move.” The security bug reportedly related to a vulnerability in Facebook’s “view as” feature which allowed users to see what their own Facebook profile would look like to someone else. This bug allowed hackers to steal the security tokens of other users accounts and use these to then access that user’s account. These security tokens are like digital keys which keep users logged into Facebook so they don’t have to re-login every time they visit the website.
It later came to light that the same security tokens could be used to access accounts of websites that use the “Facebook Login” feature. This means that any third-party app that uses the “Facebook Login” feature could be at risk, including apps such as Instagram, Tinder, Airbnb and many others. Guy Rosen, Facebook’s vice president of product management, stated in the blog post revealing the bug: “The vulnerability was on Facebook, but these access tokens enabled someone to use the account as if they were the account-holder themselves.”
Discussing the rise in user data leaks, Everson stated: “This is the most significant cultural shift: Recognizing our responsibility, taking very specific actions and doing everything we can.” Everson also discussed WhatsApp co-founder Brian Acton’s recent critical remarks about Facebook stating that she’d like to “hear more about their philanthropy.” The also described the recent departure of Instagram co-founders Kevin Systrom and Mike Krieger as a “very, very friendly and cordial departure.”
“Those of us that have worked with them, we all were surprised they even stayed six years,” she said. “Most entrepreneurs leave after a year or two. … It’s a testament to Mark [Zuckerberg] giving entrepreneurs autonomy.” The two co-founders did not provide a reason for their sudden departure from the company, although tensions with Facebook CEO Mark Zuckerberg are widely considered to be behind the move. Both said that they planned to take some time off after leaving.