Facebook hack exposed info on up to 50 million users

More than 90 million users have had to log out.

Facebook announced on Friday that it has suffered a data breach affecting up to 50 million users. According to a report from the New York Times, Facebook discovered the attack on Tuesday and has contacted the FBI. The exploit reportedly enables attackers to take control of accounts, so, as a precaution, the social network has automatically logged out more than 90 million potentially compromised accounts.

"This is a really serious security issue and we're taking it really seriously," Facebook CEO Mark Zuckerberg told reporters during a Friday media call.

Attackers exploited vulnerabilities in the code for Facebook's "View As" feature, enabling them to abscond with access tokens (think fancy, security-based cookies), which could then be used to hijack the target account. Facebook announced on Friday that it patched the vulnerability on Thursday night, disabled View As, and reset the access tokens for the 50 million accounts it knows were targeted as well as, for good measure, another 40 million people who have used View As since its implementation last year. Spokespeople for the company were unable to confirm whether this data breach was in any way related to a hacker's threats, made earlier in the day, to delete Mark Zuckerberg's account on a livestream.

"This attack exploited the complex interaction of multiple issues in our code," Guy Rosen, VP of Product Management, wrote. "It stemmed from a change we made to our video uploading feature in July 2017, which impacted 'View As.' The attackers not only needed to find this vulnerability and use it to get an access token, they then had to pivot from that account to others to steal more tokens."

"There's no need for anyone to change their passwords," he continued.

With the investigation still in its early stages, neither Facebook nor law enforcement knows yet who is behind the attack, where the attacks originated, or whether any personal data was accessed.
