Facebook announced on Friday that an attack on their network left the personal information for nearly 50 million users exposed. The breach was discovered during the week, and it was found that the hackers exploited a part of Facebook’s code that then allowed them to take over accounts.
The Security Breach.
The company says attackers exploited a vulnerability within the “View As” feature, a setting that lets users see what their profile looks like to other users. According to Facebook’s announcement, the attackers were able to steal Facebook access tokens from code attached to the “View As” feature, and leverage the tokens to take over user accounts. (Access tokens are the digital keys that allow users to remain logged in without having to enter their password every time they access their account.)
Facebook says it does not know how much damage has been done as it just started the investigation. It is unaware if the hacked accounts have been misused or if any information was accessed. Furthermore, it does not know who was behind the attacks or where they were based.
Facebook’s response.
Facebook says it has fixed the vulnerability and is temporarily turning off the “View As” feature while it conducts a security review. The company says users who have been logged out will see a notification at the top of their News Feed explaining what happened when they log back in.
A continuing pattern.
Facebook’s security issues are an ongoing dilemma. In addition to its role in the Cambridge Analytica crisis, the company has had to announce multiple security breaches this year. In June, the company apologized for a bug that accidentally set 14 million users’ privacy status to public without their knowledge. In September, it reported a glitch in the system that allowed users with both an app and a Facebook Ads account to access the Facebook Analytics data of other apps.
Today’s security breach is different as it was an outside force attacking millions of user accounts. This is more in line with the attacks Facebook, Twitter and Google reported in August. Facebook’s latest security breach is bad because it tells a story of hackers finding a way into Facebook’s system to hack user accounts and, potentially, use stolen accounts for malicious behavior.
Why Facebook should care.
Facebook’s constant battle to safeguard its platform is likely to take a toll on its users, the same users it needs in order to target advertisements. But how effective will the advertising be if the people being targeted continue to lose trust in the platform?
4 comments
Oh, that’s just terrible!!!
One of the most attacked sites on the planet, I say they are doing quite well. I’m surprised they are not reporting a daily if not weekly breach, considering the amount and number of hackers who see Facebook big data as worth billions.
I salute them for being honest and forthcoming.
The most scary aspect of this hack is that FB cannot identify the hackers OR where they hacked from and neither do they know how much data was accessed. This is just like having an anonymous person with your super super unix server password lingering within or without the organisation. He/she might lie low for a while but decide to strike again… boy am I glad I don’t have an FB account!!
@itguru – they were forced by the US and EU legislators to be open about such things after the Cambridge Analytica saga.
It appears to me to be very clear that “keeping users logged in so that they don’t request a pw” is not only at the centre of this attack but also provides the FB owners some kind of “Hotel California” hold over them… you can check out any time you want but you can never leave… so much about “security” eh? You can stab the beast with your steely knives but can never kill it!!
It’s a crying shame how “social media” is enslaving people that volunteer so much data and information about themselves but slowly tying a data noose around their persona and links… and opening their lives to a nightmare of data terrorism still to manifest itself en masse. Ignorance is bliss.