Facebook says at least 50 million users affected by security breach

Facebook has said at least 50 million user accounts may be at risk after hackers exploited a security vulnerability on the site.

The company said in a blog post Friday that it discovered the bug earlier in the week. The bug is part of the site’s “View As” feature, which lets users see how their profile appears to someone else. Facebook has switched off the “View As” feature while it investigates the bug further.

The bug allowed hackers to obtain account access tokens, which keep users logged in after they have entered their username and password. Stolen tokens can allow hackers to break into accounts.

Facebook said that it has reset access tokens of all users affected, as well as an additional 40 million accounts out of an abundance of caution. That means some 90 million users will have been logged out of their account — either on their phone or computer — in the past day.

Facebook also said that users will be notified of the security incident through a notification in their News Feed once they log back in.

“This is a breach of trust and we take this very seriously.”
— Facebook’s Guy Rosen

“We have yet to determine whether these accounts were misused or any information accessed,” said Guy Rosen, Facebook’s vice president of product management. “We also don’t know who’s behind these attacks or where they’re based.”

Rosen said that Facebook spotted the attack because the hackers were automating their attack on a “large scale.”

Chief executive Mark Zuckerberg said on a call with reporters that the company doesn’t know if any accounts have been improperly accessed, though he said that the attackers tried to access account information by querying its developer APIs, which Facebook locked down last night.

“So far our initial investigation has not shown that these tokens were used to access any private messages or posts or to post anything to these accounts,” Zuckerberg told reporters. “But this, of course, may change as we learn more. The attackers used our APIs to access profile information fields like name, gender, hometown, etc. But we do not yet know if any private information was accessed that way,” he said.

The vulnerability, which was a result of three distinct bugs, was introduced in July 2017, when Facebook created a new video upload functionality on the service. On September 16, 2018, Facebook discovered unusual activity and launched an investigation that same week. On Tuesday, September 25, it uncovered the attack. It then notified law enforcement on Thursday, September 27, in the afternoon.

On Thursday evening, it fixed the vulnerability and began resetting the access tokens of people to protect the security of their accounts.

Facebook said the FBI is now investigating. Because users in Europe are also affected, the company said it has informed data protection authorities in Ireland — where the company’s European headquarters are located.

The Irish Data Protection Commission has asked Facebook to clarify the breach “urgently.” If Facebook is found to have breached European data protection rules — the newly implemented General Data Protection Regulation (GDPR) — the company can face fines of up to four percent of its global revenue.

Federal Trade Commission’s Rohit Chopra also tweeted, suggesting the government agency may investigate.

“If we find more affected accounts, we will immediately reset their access tokens,” said Rosen. “This is a breach of trust and we take this very seriously.”

“I’m glad that we found this and that we were able to fix the vulnerability and secure accounts,” Zuckerberg told reporters. “But it definitely is an issue that this happened in the first place. And I think this underscores the attacks that our community and our service face, and the need to keep on investing heavily in security and being more proactive about protecting our community. And we’re certainly committed to doing that,” he added.

The attacks on Facebook have forced the company to rethink its overall development process. It has gone from a “move fast and break things” mentality to one of a slower and more cautious approach.

Facebook has been without a chief security officer since the departure of Alex Stamos in August. The social network retired the position after Stamos left. But the company said that this year it’s growing the number of people working on safety and security from 10,000 to 20,000.

Sen. Mark Warner, vice-chairman of the Senate Intelligence Committee, warned in a statement of the “dangers” posed by companies that are “able to accumulate so much personal data about individual Americans without adequate security measures.”

The social network has 2.2 billion monthly active users as of its second quarter earnings.
