Facebook says security breach affected about 50 million accounts

Facebook said it discovered a security breach earlier this week that affected almost 50 million accounts. The company said it’s investigating the breach, which allowed hackers to take over a person’s account.

The social-media network said in a statement on Friday that it has fixed the vulnerability and told law enforcement authorities about the breach. Shares declined about 3% on the news.

There was a loophole in Facebook’s code for a feature called "View As" that let people see what their account looks like to someone else. The vulnerability allowed people to steal access tokens - digital keys that keep people logged into Facebook so they don’t need to re-enter passwords. Once logged in, the attackers could take control.

"This attack exploited the complex interaction of multiple issues in our code. It stemmed from a change we made to our video uploading feature in July 2017, which impacted ‘View As’," Facebook said. "The attackers not only needed to find this vulnerability and use it to get an access token, they then had to pivot from that account to others to steal more tokens."

User data leaks, security breaches and the spread of misinformation have forced Facebook to confront hostile congressional hearings and uproar from users. This week’s breach adds to concern that Facebook is collecting too much personal information and not looking after it properly. Data is the lifeblood of its advertising business, so any limits on its activities that stem from these missteps could crimp the company’s earning power.

While access codes were taken from 50 million accounts in the recent breach, Facebook said it doesn’t know whether any personal information was gathered or misused from those accounts.

Everyone whose profile used the "View As" tool in the last year will have to log in to Facebook again, and any apps that used Facebook to log in. From there, they’ll be able to see a statement from Facebook explaining what happened. The company estimated that about 90 million people will have to log in again.

Meanwhile, an indie Taiwanese hacker has proclaimed he’ll broadcast an attempt to wipe out Mark Zuckerberg’s Facebook page this Sunday – live.

Self-professed bug bounty-hunter Chang Chi-yuan, who ferrets out software flaws in return for cash, says he’ll live-stream an endeavor to delete the billionaire’s account at 06:00 local time from his own Facebook page. He didn’t get into details or respond to an online query.

“Broadcasting the deletion of FB founder Zuck’s account,” the lanky youngster, who turns 24 this year based on past interviews, told his 26 000-plus followers on Facebook this week. “Scheduled to go live.”

* SUBSCRIBE FOR FREE UPDATE: Get Fin24's top morning business news and opinions in your inbox.

We live in a world where facts and fiction get blurred
In times of uncertainty you need journalism you can trust. For only R75 per month, you have access to a world of in-depth analyses, investigative journalism, top opinions and a range of features. Journalism strengthens democracy. Invest in the future today.
Subscribe to News24
ZAR/USD
16.21
(+0.76)
ZAR/GBP
21.21
(+1.09)
ZAR/EUR
19.18
(+0.93)
ZAR/AUD
11.52
(+0.70)
ZAR/JPY
0.15
(+0.92)
Gold
1900.89
(-1.06)
Silver
24.57
(-1.48)
Platinum
877.51
(-0.54)
Brent Crude
42.06
(-3.35)
Palladium
2389.99
(+0.28)
All Share
54796.42
(-0.99)
Top 40
50276.84
(-1.23)
Financial 15
10376.28
(+2.34)
Industrial 25
74130.97
(-0.60)
Resource 10
52819.20
(-2.99)
All JSE data delayed by at least 15 minutes morningstar logo
Company Snapshot
Voting Booth
Please select an option Oops! Something went wrong, please try again later.
Results
Yes, and I've gotten it.
24% - 50 votes
No, I did not.
50% - 103 votes
My landlord refused
26% - 55 votes
Vote