Over the weekend, Facebook “temporarily” removed a security flaw that compromised more than one million accounts. The flaw had been reported on Hacker News only on Friday.
The problem lay in emails that Facebook sent to account holders: anyone who clicked the link in one was not only taken to a Facebook page, but was also logged in to the associated account without any further step such as entering a password. The messages could easily be tracked down with a Google search; they contained links to a total of 1.3 million user accounts.
The emails also made it possible to see which e-mail addresses the accounts were associated with. Meanwhile, Google has removed the relevant pages from its search index.
The links could be used only once: after a user clicked one, a second click did nothing. Facebook developer Matt Jones explained the principle to Hacker News: “We send these emails only to the account holder and never make them public. Nevertheless, we set up security measures to prevent a stranger from clicking on the link.” Someone must have put the links online, otherwise they would not have been found in Google. If necessary, Facebook’s security system will carry out additional checks to ensure that it is actually dealing with the account holder.
By now, most links should already be invalid because they were active only for a short time, says Jones. “Nevertheless, because of the publication, we have temporarily taken this function offline. In addition, we are backing up all accounts of users who have recently used this feature.”