Facebook hack exposed info on up to 50 million users

More than 90 million users have had to log out.

Facebook announced on Friday that it has suffered a data breach affecting up to 50 million users. According to a report from the New York Times, Facebook discovered the attack on Tuesday and has contacted the FBI. The exploit reportedly enables attackers to take control of accounts, so as a precaution the social network has automatically logged out more than 90 million potentially compromised accounts.

"This is a really serious security issue and we're taking it really seriously," Facebook CEO Mark Zuckerberg told reporters during a Friday media call.

Attackers exploited vulnerabilities in the code for Facebook's "View As" feature, enabling them to abscond with access tokens (think fancy, security-based cookies), which could then be used to hijack the target account. Facebook announced on Friday that it patched the vulnerability on Thursday night, disabled View As, and reset the access tokens for the 50 million accounts it knows were targeted, as well as, for good measure, those of another 40 million people who have used View As since its implementation last year. Spokespeople for the company were unable to confirm whether this data breach was in any way related to a hacker's threats, made earlier in the day, to delete Mark Zuckerberg's account on a livestream.

"This attack exploited the complex interaction of multiple issues in our code," Guy Rosen, VP of Product Management, wrote. "It stemmed from a change we made to our video uploading feature in July 2017, which impacted 'View As.' The attackers not only needed to find this vulnerability and use it to get an access token, they then had to pivot from that account to others to steal more tokens."

"There's no need for anyone to change their passwords," he continued.

With the investigation still in its early stages, neither Facebook nor law enforcement knows yet who is behind the attack, where the attacks originated, or whether any personal data was accessed.
