Facebook says nearly 50 million user accounts breached in attack

The hack is the latest setback for Facebook during a year of tumult for the global social media network.

    Massive breach is the latest embarrassment for Facebook [Aytac Unal/Anadolu]
    Massive breach is the latest embarrassment for Facebook [Aytac Unal/Anadolu]

    Facebook said it discovered a security breach affecting nearly 50 million user accounts.

    The social media giant on Friday said its engineering team found the security issue earlier this week, which stems from a change made to Facebook's video uploading feature in July 2017.  

    Facebook chief executive Mark Zuckerberg said engineers discovered the breach on Tuesday, and patched it on Thursday night.

    "We don't know if any accounts were actually misused," Zuckerberg said. "This is a serious issue."

    While the investigation is still in its early stages, the company said hackers exploited the "View As" feature on the service.

    "It's clear that attackers exploited a vulnerability in Facebook's code that impacted View As, a feature that lets people see what their own profile looks like to someone else," wrote Guy Rosen, vice president of product management at Facebook, in a blog post.

    "This allowed them to steal Facebook access tokens, which they could then use to take over people's accounts. Access tokens are the equivalent of digital keys that keep people logged into Facebook so they don't need to re-enter their password every time they use the app." 

    {articleGUID}

    To deal with the issue, Facebook reset some logins - 90 million people have been logged out and will have to log in again. That includes anyone who has been subject to a View As lookup in the past year. 

    After they log back in, users will receive a notification at the top of their News Feed explaining what happened.

    The View As feature will be temporarily turned off as they conduct a security review.

    Facebook said it has taken steps to fix the security problem and alerted law enforcement but doesn't know who is behind the attacks. 

    'Very troubling'

    Facebook has more than two billion users worldwide. Following news of the security breach, the company's shares slumped more than three percent.

    The hack is the latest security headache for the tech behemoth, which has been dealing with political disinformation campaigns from Russia and elsewhere since 2016.

    News broke early this year that a data analytics firm that once worked for US President Donald Trump's campaign, Cambridge Analytica, had gained access to personal data from millions of user profiles.

    Then a congressional investigation found agents from Russia and other countries had been posting fake political ads since at least 2016. Facebook CEO Mark Zuckerberg appeared at a Congressional hearing over Facebook's privacy policies in April.

    Ed Mierzwinski, senior director of consumer advocacy group US PIRG, said the breach was "very troubling".

    "It's yet another warning that Congress must not enact any national data security or data breach legislation that weakens current state privacy laws, preempts the rights of states to pass new laws that protect their consumers better, or denies their attorneys general rights to investigate violations of or enforce those laws," he said in a statement.

    Can Facebook be regulated?

    Inside Story

    Can Facebook be regulated?

    SOURCE: Al Jazeera and news agencies


    YOU MIGHT ALSO LIKE

    How different voting systems work around the world

    How different voting systems work around the world

    Nearly two billion voters in 52 countries around the world will head to the polls this year to elect their leaders.

    How Moscow lost Riyadh in 1938

    How Moscow lost Riyadh in 1938

    Russian-Saudi relations could be very different today, if Stalin hadn't killed the Soviet ambassador to Saudi Arabia.

    The great plunder: Nepal's stolen treasures

    The great plunder: Nepal's stolen treasures

    How the art world's hunger for ancient artefacts is destroying a centuries-old culture. A journey across the Himalayas.