Facebook users will be wanting a thumbs down emoticon this week as news spreads throughout the web of a breach of security affecting 50-90 million users of the social media app.
According to a Facebook newsroom release, some time last Tuesday, September 25, their engineering team discovered a security issue affecting almost 50 million accounts. ‘We’re taking this incredibly seriously,’ said Guy Rosen, VP of Facebook’s product management. ‘Wanted to let everyone know what’s happened and the immediate action we’ve taken to protect people’s security.’
Millions of Facebook users were automatically logged out and sent a message alerting them to the breach. Users were then told they needed to re-log in, but were also assured that they didn’t need to change their password.
Northern Rivers residents were not immune to the breach – Echonetdaily heard from local Facebookers who got a message Sunday morning asking them to re-log in.
Facebook says their investigation is still in its early stages. ‘It’s clear that attackers exploited a vulnerability in Facebook’s code that impacted “View As”, a feature that lets people see what their own profile looks like to someone else. This allowed them to steal Facebook access tokens which they could then use to take over people’s accounts. Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app.’
It has been reported that experts fear Facebook’s latest data breach could lead to users’ photos, private conversations and possibly check-ins being leaked publicly online.
Facebook’s Mr Rosen says firstly they have fixed the vulnerability and informed law enforcement. ‘Secondly, we have reset the access tokens of the almost 50 million accounts we know were affected to protect their security.
‘We’re also taking the precautionary step of resetting access tokens for another 40 million accounts that have been subject to a “View As” look-up in the last year. As a result, around 90 million people will now have to log back in to Facebook, or any of their apps that use Facebook Login. After they have logged back in, people will get a notification at the top of their News Feed explaining what happened.’
Many are now asking what can be done to protect personal information and data. Websites such as Have I Been Pwned allow users to see if their accounts have been compromised and exposed on paste sites.