Facebook says it recently discovered a security breach affecting nearly 50 million user accounts.
The hack is the latest setback for Facebook during a year of tumult for the global social media service.
In a blog post , the company says hackers exploited a bug that affected its B次元官网网址淰iew AsB次元官网网址 feature, which lets people see what their profiles look like to someone else. That would let attackers steal the B次元官网网址渁ccess tokensB次元官网网址 Facebook uses to keep people logged in. Possession of those tokens would allow attackers to B次元官网网址渟eize controlB次元官网网址 of user accounts, Facebook said.
Facebook says it has taken steps to fix the security problem and alerted law enforcement.
To deal with the issue, Facebook reset some logins, so 90 million people have been logged out and will have to log in again. That includes anyone who has been subject to a B次元官网网址淰iew AsB次元官网网址 lookup in the past year.
Facebook says it doesnB次元官网网址檛 know who is behind the attacks or where theyB次元官网网址檙e based. In a call with reporters on Friday, CEO Mark Zuckerberg said that the company doesnB次元官网网址檛 know yet if any of the accounts that were hacked were misused.
Jake Williams, a security expert at Rendition Infosec, said the stolen access tokens would have likely allowed attackers to view private posts and probably post status updates or shared posts as the compromised user, but wouldnB次元官网网址檛 affect passwords.
B次元官网网址淭he bigger concern (and something we donB次元官网网址檛 know yet) is whether third party applications were impacted,B次元官网网址 Williams said in a text exchange. B次元官网网址淔acebook offers a login service for third parties to allow users to log into their apps using Facebook. In other words, Facebook is providing the identity management for countless other sites and services. These access tokens that were stolen show when a user is logged into Facebook and that may be enough to access a userB次元官网网址檚 account on a third party site.
B次元官网网址 broke early this year that data analytics firm that once worked for the Trump campaign, Cambridge Analytica, had gained access to personal data from millions of user profiles. Then a congressional investigation found that agents from Russia and other countries have been posting fake political ads since at least 2016. Facebook CEO Mark Zuckerberg appeared at a Congressional hearing over FacebookB次元官网网址檚 privacy policies in April.
Facebook has more than 2 billion users worldwide. The company said people do not need to change their Facebook passwords, but anyone having trouble logging on should visit the siteB次元官网网址檚 help centre . Those who want to log out can visit the B次元官网网址淪ecurity and LoginB次元官网网址 section of their settings, which lists the places that people are logged into Facebook. It has a one-click option of logging out of all locations.
Ed Mierzwinski, the senior director of consumer advocacy group U.S. PIRG, said the breach was B次元官网网址渧ery troubling.B次元官网网址
B次元官网网址淚tB次元官网网址檚 yet another warning that Congress must not enact any national data security or data breach legislation that weakens current state privacy laws, preempts the rights of states to pass new laws that protect their consumers better, or denies their attorneys general rights to investigate violations of or enforce those laws,B次元官网网址 he said in a statement.
Wedbush analyst Michael Pachter said B次元官网网址渢he most important point is that we found out from them,B次元官网网址 meaning Facebook, as opposed to a third party.
B次元官网网址淎s a user, I want Facebook to proactively protect my data and let me know when itB次元官网网址檚 compromised,B次元官网网址 he said. B次元官网网址淪hareholders should ultimately approve of FacebookB次元官网网址檚 handling of the issue.B次元官网网址
Related:
Related:
The Associated Press
Like us on and follow us on .
