Facebook, the social media giant with over two billion monthly active users, reported on Friday (28/09/18) that their engineering team discovered an attack on their systems that compromised the highly sensitive personal data of 50 million Facebook users.
As one of the leading data-collection agencies in the world, Facebook is nearly unrivalled in its depth and range of user data, and leverages that data to sell premium ad space to advertisers. In 2017, Facebook generated 98% of its global revenue through its advertising business.
How did Facebook get hacked?
Facebook has not yet provided much information about the attack, but so far we know that it originated from a vulnerability in Facebook’s “View As” feature, which allows users to see what their profile looks like to someone else.
According to Facebook, this allowed hackers to “steal Facebook access tokens which they could then use to take over people’s accounts. Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app.”
On the afternoon of Tuesday, 25th September 2018, Facebook’s engineering team discovered a security issue that affected almost 50 million accounts.
Facebook have reset the access tokens of the almost 50 million accounts they know were affected to protect their security. The company is also taking the precautionary step of resetting access tokens for another 40 million accounts that have been subject to a “View As” look-up in the last year. As a result, around 90 million people will now have to log back in to Facebook, or any of their apps that use Facebook Login.
After they have logged back in, people will get a notification at the top of their News Feed explaining what happened.
Facebook, to their credit, reported the attack—which took place on Tuesday, September 25th—quickly, and patched the vulnerability. They are currently investigating the nature of the attack in order to provide more information to those affected, and to prevent further hacks.
Since Facebook has only just started their investigation, they have yet to determine whether these accounts were misused or any information accessed. The company also doesn’t yet know who’s behind these attacks or where they’re based. Facebook have said they are working hard to better understand exactly what happened — and will update users and the media when they have more information, or if any of the facts change.
Don’t forget to add two-factor authentication to sensitive accounts.
As a reminder, we always recommend activating two-factor authentication on sensitive accounts to create an additional layer of security.
Two-factor authentication is a second method of authentication beyond a password, for example an email verification, that makes it harder for hackers to gain access to your accounts.