A Facebook hack has exposed the data of 50 million accounts. Facebook’s Vice President of Product Management, in a detailed blog post, said that the social network discovered a vulnerability in its system that allowed hackers to “take over people’s accounts.” Facebook claims to have patched the vulnerability, and users affected by the hack have been forced to sign in to their accounts once again. If you have been logged out of your account tonight, chances are your account may have been hacked. Facebook will also show a notification at the top of the news feeds of users who have been affected.
In the blog post, Rosen detailed that the hackers exploited a “technical vulnerability” in the “View As” feature, a privacy tool that allows users to see how their own profiles look to someone else. Rosen wrote, “It’s clear that attackers exploited a vulnerability in Facebook’s code that impacted “View As.” This allowed them to steal Facebook access tokens which they could then use to take over people’s accounts.”
The vulnerability was the result of three specific bugs and was introduced in July 2017, according to Rosen, who addressed reporters at a press call. “It’s important to say — the attackers could use the account as if they were the account holder.”
The View As privacy tool, if accessed by a third person, will expose all your information including your phone number, email address and other intimate details. Users who used the feature since the vulnerability was introduced have been logged out as well. Facebook claimed 40 million more accounts have been signed out, as a result.
Facebook said it’s unknown who is behind the attack or when it originated. It also doesn’t know whether the stolen data has been used for any illicit purposes. The company is still in the beginning stages of the investigation. However, it claimed that the initial investigation has indicated the hackers have not been able to post to accounts, change information or access private messages. Zuckerberg, however, said the hackers “did try to query our APIs — Name, gender, hometown, etc. We do not yet know if any private information was accessed this way.”
Facebook said it is working with the FBI to get to the bottom of the attack. The social network has over two billion active users and the breach has affected roughly 2.5 percent of the users.
“This is a really serious security issue, and we’re taking it very seriously,” Zuckerberg said in a post on Facebook. “We have a major security effort at the company that hardens all our surfaces and investigates issues like this. I’m glad we found this and we were able to fix the vulnerability and secure the accounts. It definitely is an issue that this happened in the first place. This underscores the attacks that our platform and community face.”
The attack comes at a time when Facebook has been criticized over how it handles users’ data. On Thursday, Gizmodo reported that the company has been using phone numbers that users provided for two-factor authentication to target those users with advertisements. Furthermore, Facebook data was found to have been harvested by Cambridge Analytica and other third parties to target ads. Also, back in August, Facebook’s Chief Security Officer Alex Stamos resigned from the company.
We expect more details to surface about who is behind the hack and whether the stolen data has been used for anything sinister. In case you were logged out and forced to log in again, you might be among those who are affected. I know I was.