Facebook Partially Restores Privacy Feature Abused in Massive Breach

Facebook restores View As feature

Facebook this week informed users that it has partially restored a privacy feature abused by hackers last year as part of an attack that impacted 29 million accounts.

The social media giant informed customers in late September 2018 that hackers had exploited a series of vulnerabilities to steal tokens that could be used to access 50 million Facebook accounts. The company later told users that the attack, reportedly launched by spammers who wanted to make a profit through deceptive advertising, actually impacted only 29 million accounts.

According to Facebook, for 15 million of the affected users, the hackers accessed names, phone numbers and email addresses. For the remaining 14 million, they also accessed gender, hometown, date of birth, religion, and information on the places they had checked into.

In response to the breach, Facebook invalidated access tokens for nearly 90 million accounts and launched a tool that told users whether or not their account was impacted.

The attack involved three distinct flaws affecting the “View As” feature and a version of Facebook’s video uploader interface introduced in July 2017.

“View As” is a privacy feature that shows users how others, including specific friends or users they are not friends with (View As Public), see their profile. The feature is designed to help users ensure that they only share information with the intended audience.

Facebook disabled the “View As” feature following the massive breach, but it has partially re-enabled it this week. In an update to its initial blog post and on Twitter, the company said it restored the “View As Public” feature after completing its security review and determining that it was not involved in the incident.

The “View As Specific Person” feature remains disabled. However, Facebook says the “View As Public” version was much more popular. Facebook is likely restoring the feature gradually as it’s still not available to all users.

Related: Industry Reactions to Facebook Hack

Related: Is Facebook Out of Control? Investigations and Complaints Are Rising

Related: Zuckerberg Defends Facebook in New Data Breach Controversy

Related: UK Regulator Hits Facebook With Maximum Fine

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
