CATEGORIES
home News

Facebook Fails Again, Exposing Over 50 Million Users In Security Breach

by Shane McGlaunFriday, September 28, 2018, 04:28 PM EDT

Facebook can’t seem to get out of its own way when it comes to security. The biggest security issue for the social network was the Cambridge Analytica fiasco that gave the company access to information on 87 million users. In June, Facebook had another security failure when private posts of 14 million users were shared publicly. Today we learn of yet another security breach that resulted in the theft of personal details on 50 million users.

fb security

Facebook became aware of the breach on the afternoon of Tuesday, September 25 and said that the attack took advantage of the Facebook code for "View As". The feature lets people see their profile as other users would see it, but an exploit that the attackers used allowed them to steal Facebook access tokens that could be used to take over accounts. Access tokens are likened to digital keys that keep people logged into Facebook to prevent them from having to enter a password each time they come to the site.

Facebook notes that it has already acted on the breach by fixing the vulnerability and has informed law enforcement about the attack. Tokens on the almost 50 million accounts known to have been affected were reset, and Facebook reset tokens for another 40 million accounts that had been used with "View As" in the last year. This means that about 90 million Facebook users will have to log in again the next time they visit the website.

The accounts that must log back in will have a notification at the top of the screen that explains what happened. Facebook is turning off the "View As" feature while a security review is performed. The social giant has also given insight into what exactly happened, saying that the attack exploited a "complex interaction of multiple issues in our code." These changes stemmed from a setting the social giant changed in July 2017 related to video uploading that just so happened to impact "View As."

The investigation into the breach is underway now, and Facebook notes that it hasn’t determined if the accounts were misused or if the information was accessed. Despite the breach and potential to access accounts, Facebook indicates no reason for people to reset passwords. Facebook also notes that you can log out of your account on all devices via the "Security and Login" section in settings.

Tags:  Facebook, security, Mark Zuckerberg, social-networking, (NASDAQ:FB)
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment