Around 50 million Facebook users may have had their accounts accessed as part of a major security breach. This is thanks to an unknown party or parties exploiting a vulnerability in Facebook’s code and stealing access tokens as a result.
Facebook isn’t having a great year, with the Cambridge Analytica scandal and Mark Zuckerberg’s subsequent (and very awkward) appearance before Congress. This led to calls for people to #DeleteFacebook, and millions are thought to have done so.
And now Facebook has a major security breach on its hands…
Facebook Suffers a Serious Security Breach
As explained in a post on Facebook Newsroom, Facebook discovered a security breach on September 25, 2018. Around 50 million accounts were directly affected, with a further 40 million accounts secured as a precaution.
The attacker had discovered a flaw in Facebook’s code which is thought to have been introduced to its video upload tool in July 2017. This affected the “View As” feature, which allows you to see how your Facebook profile looks to other users.
Security Update https://t.co/8HUo0aHIQJ
— Facebook Newsroom (@fbnewsroom) September 28, 2018
Thus, the attacker was able to steal access tokens, which are the digital keys that let you stay logged into Facebook without having to enter your password every time. With these access tokens the attacker could potentially take over people’s accounts.
Unfortunately, Facebook doesn’t yet know “whether these accounts were misused or any information accessed.” At this early stage of the investigation the social network also doesn’t know “who’s behind these attacks or where they’re based.”
Facebook Takes Action to Protect Its Users
Facebook has taken decisive action. First, it has fixed the vulnerability and informed law enforcement. Second, it has reset the access token of everyone potentially affected. Third, it has temporarily disabled the “View As” feature.
If you’re one of the 90 million people who have had their access tokens revoked, you’ll need to log back into Facebook. You’ll also see a notification at the top of your News Feed explaining the situation. But beyond that, neither you nor Facebook can do any more.
Maybe It Is Time to Delete Facebook After All
While any security breach resulting from a vulnerability in a company’s code is serious, it looks like this could have been a lot worse. And while 50 million people is a huge number, it’s a drop in the ocean when you consider Facebook has 2 billion users.
Still, this sorry saga is likely to reinvigorate the campaign to persuade people to delete Facebook, making our article listing reasons not to delete Facebook suddenly relevant again. And we doubt this will be the last time either.