50m Facebook users hit by account breach flaw
- by Rex Christensen
- Oct 2, 2018
News broke early this year that a data analytics firm once employed by the Trump campaign, Cambridge Analytica, had improperly gained access to personal data from millions of user profiles. Here's why it matters to you.
The issue arose when attackers exploited a vulnerability in the social network's code for "View As" - a feature that lets people see what their own profile looks like to someone else.
In its biggest-ever security breach since the Cambridge Analytica scandal, Facebook on Friday admitted hackers broke into almost 50 million users' accounts by stealing their "access tokens" or digital keys.
Mark Warner [D., Va.], vice chair of the Senate Intelligence Committee, whose latest lambasting of Facebook came Friday, declined to comment today about the potential fine.
TransferWise, a money wire service that allows users to log in through Facebook, said its investigation was underway but that it had "no indication" that its customers had been affected.
Has Facebook done anything about it? Close to 90 million users have been logged out of their current sessions.
One Facebook defence at the time was that there was no technical security problem - it was a human error and a lie.
After detecting the breach, Facebook has fixed the vulnerability, informed law enforcement, and temporarily turned off the "View As" feature.
No, your password has not been compromised.
Personal information of users "was exposed due to a flaw in Facebook's code that allowed hackers and other nefarious users to take over user accounts and siphon off Personal Information for unsavory and illegal purposes", according to the complaint, which was filed by a California woman and a Virginia man.
Simply put, you can log out or initiate a security audit on your device and account. You can see devices as well as their current location, and in case you see any unknown locations or devices, you can simply click on the remove button.
The company said that if you were affected by the hack, you'll notice that you have been automatically logged out of your Facebook account, as well as any other apps that use Facebook to log in.
Rosen would not confirm whether the breach was state-backed, but added the hackers "did need a certain level in order for attacker not only get access but to pivot on the access tokens".
So it doesn't matter how strong your password was, or whether two-factor authentication was set up. This hack bypasses everything.
CNN reached out to nearly a dozen companies that offer the Facebook login capability. You can also try deactivating your account for some time, as reactivating it will also grant new access tokens, while old tokens will automatically expire. As it turns out, those users' Instagram accounts could have been compromised, too.
Facebook has faced a lot of scrutiny over various aspects of its business and its capability to protect its users' information from any hack or breach.
It's unclear how hard it would be for an attacker to use an access token to get into a third-party site.