Facebook security breach: 50 million accounts attacked

Facebook security breach: 50 million accounts attacked

September 28, 2018   11:52 pm

-

Facebook has said “almost 50 million” of its users were left exposed by a security flaw.

The company said attackers were able to exploit a vulnerability in a feature known as “View As” to gain control of people’s accounts.

The breach was discovered on Tuesday, Facebook said, and it has informed police.

Users that had potentially been affected were prompted to re-log-in on Friday.

The flaw has been fixed, wrote the firm’s head of security, Guy Rosen, adding all affected accounts had been reset, as well as another 40 million “as a precautionary step”.

The firm would not say where in the world the 50 million users are, but it has informed Irish data regulators, where Facebook’s European subsidiary is based.

Users that had potentially been affected were prompted to re-log-in on Friday. However, the company said users did not have to change their passwords.

“Since we’ve only just started our investigation, we have yet to determine whether these accounts were misused or any information accessed. We also don’t know who’s behind these attacks or where they’re based. “

He added: “People’s privacy and security is incredibly important, and we’re sorry this happened.”

Facebook’s “View As” function is a privacy feature that allows people to see what their own profile looks to other users, making it clear what information is viewable to their friends, friends of friends, or the public.

Attackers found multiple bugs in this feature that “allowed them to steal Facebook access tokens, which they could then use to take over people’s accounts”, Mr Rosen explained.

“Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app,” he added.

Source: BBC

Disclaimer: All the comments will be moderated by the AD editorial. Abstain from posting comments that are obscene, defamatory or slanderous. Please avoid outside hyperlinks inside the comment and avoid typing all capitalized comments. Help us delete comments that do not follow these guidelines by flagging them(mouse over a comment and click the flag icon on the right side). Do use these forums to voice your opinions and create healthy discourse.

Most Viewed Video Stories