Hello, welcome to the Monday, October 1st, 2018 edition of the Sands and Storm Center's Stormcast. My name is Johannes Ulrich, and I'm recording from Honolulu, Hawaii.

Of course, the big news on Friday was Facebook announcing that 50 million user profiles were leaked due to a vulnerability in Facebook's

view as feature. Using this feature, you were able to see your profile how another user would

experience your profile. But apparently this feature gave it hackers access to

arbitrary users Facebook profile now according to Facebook the latest number of

affected profiles is around 50 million given that Facebook has some around 2

billion different profiles it roughly affects 2.5% of Facebook users.

I don't believe Facebook has notified affected users yet.

However, if you are affected, then Facebook should have logged out your account.

So if you're going to Facebook and all of a sudden need to log in again,

well, then probably your account was one of those 50 million.

It's also not known if these accounts were targeted in some manner,

if these were just random accounts.

There was also an announcement late last week that someone was going to do a live stream

of the leading Mark Zuckerberg's Facebook account.

Later after the press release came out about the leak, this video stream announcement was

rescinded so possible that it was related somehow to this vulnerability.

Initially, Facebook just disabled the VUAS feature.

Not sure if it actually has been enabled again, but Facebook said that they had fixed the flaw.

Features like this are of course always a little bit tricky to implement, so it's very

possible that Facebook temporarily mapped the target users' permissions to your account in order

to display your profile as this particular user would see it, and by mapping these permissions,

...