Facebook security vulnerability could have exposed 50 million accounts

Polycount

Staff

If Facebook's Cambridge Analytica data privacy scandal wasn't enough to get your attention, the company has some more bad news for its users today.

As reported by the New York Times, Facebook today announced that a recent cyberattack may have compromised the information of around 50 million users. While not quite on the scale of the Equifax breach in 2017, 50 million users is still no small number.

Naturally, though, that number could change. Facebook's investigation into the matter is not yet complete, so it's tough to say how accurate it will be in the end - more compromised accounts could be found, or the issue could prove to be less severe than it seems.

Either way, as a precautionary measure, Facebook has forced "more than" 90 million users to log out of their accounts.

So, what information was exposed? Frankly, we don't know yet. As of writing, all we really know is that a vulnerability in Facebook's "View As" feature allowed hackers to "steal Facebook access tokens," which they could then theoretically use to take over accounts.

"Since we’ve only just started our investigation, we have yet to determine whether these accounts were misused or any information accessed," Facebook's announcement reads. "We also don’t know who’s behind these attacks or where they’re based."

In the interim, while the investigation continues, Facebook has patched the vulnerability and reset the access tokens of all the accounts known to have been affected by this breach.

With that said, we likely won't know the full scope of this issue for at least a few days. We'll update this post if Facebook provides us with any more information.


 
Facebook says
Our investigation is still in its early stages. But it’s clear that attackers exploited a vulnerability in Facebook’s code that impacted 'View As,' a feature that lets people see what their own profile looks like to someone else. This allowed them to steal Facebook access tokens which they could then use to take over people’s accounts. Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app.

So the circumvention is to ALWAYS LOG OFF
 