Facebook Breach: 50m Accounts Compromised | Xuper IT | News

Up to 50m accounts attacked in Facebook security breach

On Tuesday 25 September, Facebook engineers discovered a security breach which has compromised nearly 50m accounts. The attack gave hackers the ability to take over the users’ accounts; however, the company has confirmed that it patched the vulnerability on Thursday (September 27th) and will notify those whose accounts were affected. Those users will be logged out of their accounts and required to log back in.

Currently, Mark Zuckerberg (Facebook CEO) has confirmed the company has not seen any accounts compromised or improperly accessed; however, it’s still early days, so that could change. Zuckerberg said the attackers used Facebook developer APIs to obtain information such as the name, gender and hometown linked to a user’s profile page. It also doesn’t appear that private messages were accessed or credit card information was stolen, but the company is still early into the investigation.

What’s an access token?

When you enter your username and password on most sites and apps, including Facebook, your device will set an access token to keep you logged in. This means you don’t have to enter your details every time you want to use the site/app. Fortunately, this token doesn’t store your password, so you don’t need to worry about changing your password.

Facebook confirmed they have reset all the tokens of the users affected. Around 90 million users will find they have been logged out of their account in the past day, including users on Facebook Messenger.
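To make the token idea concrete, here is a small added example (not Facebook's code; the SessionStore class and its method names are hypothetical) of a login service that issues a random token after one password check and can reset every token for a user, which logs all of that user's devices out while the password stays valid.

```python
import hashlib
import hmac
import secrets


class SessionStore:
    """Toy in-memory login service (hypothetical; not Facebook's implementation)."""

    def __init__(self):
        self._passwords = {}  # user -> (salt, PBKDF2 hash of the password)
        self._tokens = {}     # sha256(token) -> user

    @staticmethod
    def _kdf(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    @staticmethod
    def _digest(token):
        # Only a hash of the token is kept, so a dump of the store is not replayable.
        return hashlib.sha256(token.encode()).hexdigest()

    def register(self, user, password):
        salt = secrets.token_bytes(16)
        self._passwords[user] = (salt, self._kdf(password, salt))

    def login(self, user, password):
        """Check the password once, then hand back a random access token."""
        record = self._passwords.get(user)
        if record is None:
            return None
        salt, expected = record
        if not hmac.compare_digest(self._kdf(password, salt), expected):
            return None
        token = secrets.token_urlsafe(32)  # random: carries no password material
        self._tokens[self._digest(token)] = user
        return token

    def whoami(self, token):
        """Resolve a token to its user; None if the token is unknown or revoked."""
        return self._tokens.get(self._digest(token))

    def reset_tokens(self, user):
        """Invalidate every token for a user and return how many were revoked."""
        stale = [d for d, u in self._tokens.items() if u == user]
        for d in stale:
            del self._tokens[d]
        return len(stale)
```

Whoever presents a valid token is treated as the logged-in user with no password check, which is why resetting tokens cuts off anyone holding one.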

How did the attackers get in?

Three bugs led to the data exposure. Facebook’s vice president of product management, Guy Rosen, confirmed Facebook inadvertently introduced the three vulnerabilities in its video uploader in July 2017. Facebook doesn’t yet know who attacked the site, but the FBI is currently investigating.

Are other accounts affected?

Facebook have confirmed there has been no impact on WhatsApp users and no impact on accounts that use Facebook to log in, such as Airbnb, Tinder, Spotify etc.

What happens to Facebook now?

It’s likely there could be investigators in both the U.S. and Europe. While any fines can’t be levied until Facebook finds out more about the nature of the breach, if the company is found to have breached the recently implemented General Data Protection Regulation (GDPR) in Europe, it could potentially face fines of up to 4% of its global revenue.

What should you do?

Those affected should have already been forced to re-login to their account. However, you may want to take extra precautions to try and ensure your account stays secure, including: turning on two-factor authentication, changing your password (ensuring it’s a secure one!), and taking the time to delete and limit the amount of personal information you have on your Facebook account to reduce your risk of exposure if future attacks occur.