Facebook data breach: What is View As feature and why has it been disabled
Hackers exploited Facebook’s “View As” feature which lets users see how their profile looks to the public.
Facebook has been hit with another major security breach in just six months after the Cambridge Analytica data scandal. This data breach has affected around 50 million users. Facebook said that it is currently investigating the data breach with law enforcements.
Facebook says it has for now fixed the security vulnerability which resided in Facebook's "View As" feature. In doing so, Facebook has also disabled this feature for now.
What is "View As" feature?
As the name suggests, this feature lets users see how their profile looks to other people. This tool is located at the bottom of the cover page under the '…' icon. Here, you can see how your Facebook profile looks to users who are not your friends.
Facebook also lets you customise this feature for a specific user. You can select "View as Specific Person" and type the user's name. If you've customised it for certain users like hiding posts then you verify this using this feature.
"View As" feature compromised
If you try accessing this feature now, you will see a message which reads, "The "Preview my Profile" feature is temporarily disabled. Please try again later."
Facebook said that hackers exploited this feature to steal access tokens and get access to user accounts. Access tokens allow user accounts to stay logged in to Facebook in the background. Users need not to log in with their email and password every time with the help of access tokens.
Access tokens reset
Facebook assured that it has reset the access tokens of the 50 million accounts that were affected. It is also reset access tokens of another 40 million accounts which may have been affected last year through the "View As" feature. If your account has been affected Facebook will prompt you to re-login on the platform and other linked accounts. Facebook will also let you know with a notification on top of your news feed.
Facebook says that users need not change passwords, but it is advised that users set new passwords. Also, if Facebook is used to login to other platforms like Instagram, users should remove access.