Facebook data breach hits at least 50 mln accounts

Sunday, 30 Sep, 2018

Facebook says it has informed the police after the breach was discovered on Tuesday and it has taken steps to address the issue. The first measure was to patch the vulnerability and inform law enforcement.

Having discovered the breach earlier this week, the company said that the investigation into the matter is still in its initial phase. In a news release, Facebook says attackers exploited code that impacted the "View As" feature, which allows users to see what their profile looks like to someone else. "The attackers not only needed to find this vulnerability and use it to get an access token, they then had to pivot from that account to others to steal more tokens," Facebook stated. "View As" was also turned off during the investigation. Facebook has forced the 50 million accounts it knows were affected to log out, as well as 40 million more that have used the "View As" feature in the previous year. Affected users would need to log back into the app, desktop version, and linked apps as a result.

However, Facebook would not reveal where the 50 million users were based. Once logged in, they will receive a notification explaining what has occurred.

"We haven't yet been able to determine if there was specific targeting" of particular accounts, Guy Rosen, Facebook's vice president of product management, said in a call with reporters. The perpetrators took advantage of security flaws in Facebook's "View As" code, a feature that lets users see what their profile looks like to another user or the public. It also has no idea who was behind the attacks.

CEO Mark Zuckerberg posted a statement indicating the company had patched the vulnerabilities exploited by the attacker(s) and was investigating the incident further. Lastly, it said it has temporarily disabled the "View As" feature while it conducts a thorough security review.

The blog post promises updates as more information becomes available. However, he said those who are having trouble logging back into Facebook can visit the site's Help Center. Given how Facebook spreads itself out over third-party applications, such as its log-on feature, this number is expected to reach much higher; however, this remains speculation for the time being.