Almost 50M Facebook accounts at risk for theft after latest security breach
Facebook on Friday revealed that it recently uncovered a major security breach impacting close to 50 million users, which could result in the user's account being stolen by the thieves.
Hackers exploited a vulnerability in "View As," a feature that lets people see what their personal profile looks like to others. They were thus able to steal access tokens, which gave them the ability to hijack accounts.
The problem was discovered on Tuesday and has already been fixed. In a statement, Facebook noted that it's already informed law enforcement. The company has reset the access tokens for people known to have been affected, as well as another 40 million accounts that have been subjected to "View As" lookups in the past year.
"We have reset the access tokens of the almost 50 million accounts we know were affected to protect their security. We're also taking the precautionary step of resetting access tokens for another 40 million accounts that have been subject to a 'View As' look-up in the last year," Facebook said in a statement. "As a result, around 90 million people will now have to log back in to Facebook, or any of their apps that use Facebook Login. After they have logged back in, people will get a notification at the top of their News Feed explaining what happened."
"View As" is being temporarily disabled while the company conducts a security analysis. The company already knows, however, that the security hole originated with a July 2017 change to video uploads.
It's not yet known if the hacked accounts were misused, or who the perpetrators were.
"We face constant attacks from people who want to take over accounts or steal information around the world. While I'm glad we found this, fixed the vulnerability, and secured the accounts that may be at risk, the reality is we need to continue developing new tools to prevent this from happening in the first place," CEO and Facebook founder Mark Zuckerberg said on the service. "If you've forgotten your password or are having trouble logging in, you can access your account through the Help Center."
Facebook has dealt with multiple security breaches in the past. The most famous of these is probably the Cambridge Analytica debacle, when the public learned well after Facebook that CA had been building voter profiles by scraping data without consent. Facebook was taken to task by governments for failing to disclose the situation years ago.
Hackers exploited a vulnerability in "View As," a feature that lets people see what their personal profile looks like to others. They were thus able to steal access tokens, which gave them the ability to hijack accounts.
The problem was discovered on Tuesday and has already been fixed. In a statement, Facebook noted that it's already informed law enforcement. The company has reset the access tokens for people known to have been affected, as well as another 40 million accounts that have been subjected to "View As" lookups in the past year.
"We have reset the access tokens of the almost 50 million accounts we know were affected to protect their security. We're also taking the precautionary step of resetting access tokens for another 40 million accounts that have been subject to a 'View As' look-up in the last year," Facebook said in a statement. "As a result, around 90 million people will now have to log back in to Facebook, or any of their apps that use Facebook Login. After they have logged back in, people will get a notification at the top of their News Feed explaining what happened."
"View As" is being temporarily disabled while the company conducts a security analysis. The company already knows, however, that the security hole originated with a July 2017 change to video uploads.
It's not yet known if the hacked accounts were misused, or who the perpetrators were.
"We face constant attacks from people who want to take over accounts or steal information around the world. While I'm glad we found this, fixed the vulnerability, and secured the accounts that may be at risk, the reality is we need to continue developing new tools to prevent this from happening in the first place," CEO and Facebook founder Mark Zuckerberg said on the service. "If you've forgotten your password or are having trouble logging in, you can access your account through the Help Center."
Facebook has dealt with multiple security breaches in the past. The most famous of these is probably the Cambridge Analytica debacle, when the public learned well after Facebook that CA had been building voter profiles by scraping data without consent. Facebook was taken to task by governments for failing to disclose the situation years ago.
Comments
(It's the internet, I can't see you but I'm going to assume nobody is raising their hand.)
2) I have two-factor enabled and yet I've never had to use it to log into my account on any device. I find that concerning.
3) If I never used the "View As" feature am I safe from this specific hack, or is everyone a potential victim?
2) Equifax has a huge deal. It was a major story for a long time which resulted in their CEO stepping down, Equifax building a system to see if you were one of the hacked—which itself became a story—and which caused countless comments on how to lock down all 4 major credit bureaus, as well as locking down IRS and SSA. If you didn't think the Equifax hack was a big deal than that's on you.
In fact, here's what I compiled nearly a year and a half ago for people that asked me how to protect themselves so some of the data will have (hopefully) changed.
Have you ever checked out these sites?
PS: Even more scary are the (hypothetical) computers designed to look for a similar "voice" in the words you use, length of sentences, sentence structure, idioms, etc. Not unlike how telegraph operators could tell who was sending a message based on their telegraph style known as their "fist."
edit: Get the facts peppered with some comedy because that makes it easier to swallow…
Between all the various compromises reported over the last couple of years, almost every adult has probably had some level of private data exposed.
...
I do ageee though. You barely heard anything when over half the country’s personal info was just left out there because of a shitty easily hack able website. I am still checking my credit report over that whole thing.
He said it's a little thing, but it's one data point that bad people use, as well as tags on photos.
Not sure if this worth or not.
Thoughts?