Facebook Breach May Have Allowed Attackers to Take Over 50 Million Accounts


Facebook suffered an attack that affected 50 million users and exposed personal information from the impacted accounts.

The company discovered a “security issue” on Sept. 25. Facebook said that the attackers exploited a feature called “View As”, which lets someone see what their profile looks like to another user.

“This attack exploited the complex interaction of multiple issues in our code. It stemmed from a change we made to our video uploading feature in July 2017, which impacted “View As.” The attackers not only needed to find this vulnerability and use it to get an access token, they then had to pivot from that account to others to steal more tokens.”

Is my account affected?

In the wake of its discovery, the company said it fixed the vulnerability and informed law enforcement before taking additional measures.

Those additional measures include logging nearly 90 million users out of Facebook to “protect their security.” That’s the 50 million accounts that were directly impacted by the exploit, along with another 40 million accounts that were subjected to a “View As look-up” in the past year, Facebook said.

If you’ve been logged out of Facebook on your various devices or apps, then your account is one of those 90 million. The firm says that impacted users will get a News Feed notification explaining the situation.

The company notes that it will disable access tokens for any more potentially impacted accounts it discovers.

While Facebook admitted that its investigation is still “in its early stages,” the firm’s VP of product management said in a press call Friday that it “did see this attack being used at a fairly large scale.”

Presently, the social media juggernaut said it’s unclear whether compromised accounts were missed or had any sensitive data stolen from them. Facebook added that there’s no word on who is behind the attacks.

Even before Friday’s disclosure, Facebook had been embroiled in multiple federal investigations and is the subject of a Securities and Exchange Commission inquiry, The New York Times notes.

What Do I Do Now?

If you’re concerned about your own account or data, you can visit Facebook’s Security and Login section. It will list every device that’s logged into your account and give you the option of logging out of all of them with a click.