Sunday, September 30, 2018
Privacy watchdog probes Facebook security breach
MANILA - The National Privacy Commission said Sunday it has begun probing the security breach reported by Facebook, which logged out millions of users last Friday.
Facebook had already posted a "security update" statement, explaining how a "security issue" affected around 50 million Facebook accounts.
But lawyer Kiko Acero from the commission's Complaints and Investigation Division said they still need a clearer explanation of what really happened.
"Kung ginamit siya ng isang taong may malicious intent, hinahanap namin sino yung naging pabaya sa problemang 'to… Lahat 'yan tinitignan namin," he said.
(If it was used by a person with malicious intent, we want to know who is liable for this problem. We are looking into all of this.)
In a statement, Facebook said they took immediate measures upon learning of the security issue, which caused around 90 million Facebook users worldwide to be logged out of their accounts.
"Our investigation is still in its early stages. But it’s clear that attackers exploited a vulnerability in Facebook’s code that impacted 'View As' a feature," Facebook said.
"This allowed them to steal Facebook access tokens which they could then use to take over people’s accounts. Access tokens are the equivalent of digital keys that keep people logged in," it added.
Manila Bulletin technology news editor Art Samaniego said the Facebook users who were logged out of their accounts could be potential targets of hackers.
Samaniego said this may put all other social media sites and service applications connected to an account at risk because "token sessions" are involved.
"Ito yung digital signature natin na pag nag-log in sa Facebook, malalaman ng apps and services na ikaw 'yun. Pag nag-log in ka via Facebook makukuha 'yung mga details mo," he said.
(This is our digital signature when we log into Facebook, which lets apps and services know that it is you. When you log in via Facebook, your details will be known.)
"Ibig-sabihin pag nanakaw to (token sessions) ng mga hacker. Puwede niya ma-log in 'yun sa mga services na ginagamit mo halimbawa Instagram, WhatsApp, Tinder," he added.
(This means that if these tokens are stolen by hackers, they can log into the services you use like Instagram, WhatsApp, Tinder.)
Samaniego urged users to use two-factor authentication for their accounts. He also discouraged netizens from using the same passwords for different accounts.
source: news.abs-cbn.com