Facebook hack exposed data to 50 million users
A Friday morning press release revealed the worse nightmare for the billions of Facebook users: a new hack compromised the unspecified data of 50 million users.
“On the afternoon of Tuesday, September 25, our engineering team discovered a security issue affecting almost 50 million accounts,” reads the statement. “[It’s] clear that attackers exploited a vulnerability in Facebook’s code that impacted ‘View As’, a feature that lets people see what their own profile looks like to someone else. This allowed them to steal Facebook access tokens which they could then use to take over people’s accounts.”
“Fifty million accounts were directly affected,” explained Facebook VP of product management Guy Rosen on a Friday morning press call, “and we know the vulnerability was used against them.”
“We did see this attack being used at a fairly large scale,” added Rosen. “The attackers could use the account as if they are the account holder.”
photo/ Gerd Altmann via pixabay
The statement itself didn’t provide much additional insight.
“Since we’ve only just started our investigation, we have yet to determine whether these accounts were misused or any information accessed,” continues the statement. “We also don’t know who’s behind these attacks or where they’re based.”
Facebook says it’s fixed the vulnerability, and that 90 million people may suddenly find themselves logged out of their accounts or various Facebooks apps as a result.
“Security is an arms race,” Facebook CEO Mark Zuckerberg noted on the press call.
“[If] anyone wants to take the precautionary action of logging out of Facebook, they should visit the ‘Security and Login‘ section in settings,” advises the warning. “It lists the places people are logged into Facebook with a one-click option to log out of them all.”
Users reported problems logging into apps such as Instagram, social media management site Hootsuite and music app Spotify since Friday. Facebook owned messaging service WhatsApp was not affected.
