Facebook Inc. on Friday disclosed about a security breach that affected at least 50 million user accounts. The Facebook engineers discovered the breach on September 25, 2018 (Tuesday) and fixed it by Thursday.
The company confirmed in a statement that the accounts of Mark Zuckerberg, Facebook CEO and Sheryl Sandberg, Facebook COO were also compromised.
“I’m glad we found this and fixed the vulnerability,” Zuckerberg said on a conference with reporters on Friday morning. “But it definitely is an issue that this happened in the first place
Facebook Security Breach
In the latest setback, Facebook informed that the hackers exploited three different bugs found in one of the features on the platform – View As.
The “View As” function let users view what information is visible to others -public/friends/friends of friends.
The technical vulnerability in this function allowed hackers to steal the digital keys known as “access tokens”. The access tokens facilitate users to remain logged into the accounts over multiple sessions without entering a password each time.
With these keys in hands, the hackers could access users’ demographical information like name, gender and hometown, view private messages and third-party apps and post on others’ profile.
“We do not yet know if any of the accounts were actually misused,” said Zuckerberg. "People’s privacy and security is incredibly important, and we’re sorry this happened."
Facebook, however, assured that no credit cards credentials are compromised in the entire data hack incident.
Precautionary Steps Taken
Facebook logged out the users of all affected accounts as a part of the patch-up. It also logged out other 40 million potential-risked users. The affected users now just need to sign back into their Facebook accounts. They do not have to even change the passwords since the “access tokens” do not save them.
According to the social media giant, the users of affected accounts will view a strap at the top of their News Feed regarding the issue when they log back. "Your privacy and security are important to us," the update read.
"We want to let you know about the recent action we've taken to secure your account," pointing the user to click and learn more details.
The Facebook security breach has arrived at a time when the tech giant is surrounded by critical issues including data privacy breach, distribution of fake news, international interference in elections, facilitating hate speech and non-compliance with privacy rules.