50 Million Facebook Accounts Hacked
In the latest scandal to hit the social media giant, Facebook has admitted that an attack on its computer network has exposed the personal data of over 50 million users.
According to Facebook, hackers were able to gain access to the system by exploiting a vulnerability in the code used for the ‘View as’ feature. This feature enables people to see what their profile looks like to someone else viewing their account.
Once this feature was exploited, the attackers were able to steal ‘access tokens’, which could be used to take over people’s accounts and gain access to other services.
While access tokens are not individual passwords, they are like digital keys that enable users to stay logged in without having to re-enter their passwords every time they use the app.
The breach is also thought to have affected third-party apps connected to Facebook such as Instagram, and as a precautionary measure, the company has logged 90 million users out of their accounts and reset the access tokens.
CEO of Facebook, Mark Zuckerberg, commented on the breach: “This is a really serious security issue, and we’re taking it really seriously,” he said. “I’m glad that we found this, and we were able to fix the vulnerability and secure the accounts, but it definitely is an issue that it happened in the first place.”
With the introduction of the GDPR in May, organisations are now required to disclose any personal data breaches to the relevant supervisory authority within 72 hours of detection. If the breach results in a high risk of affecting an individual’s rights and freedoms, then the individual must be notified with immediate effect.
The company is still unsure who is behind the attack or where it originated from, but has confirmed that 40 million of its 2 billion users have been affected by the incident.
Facebook said that affected users will be logged out of their accounts and when they attempt to log back in they will see a message at the top of their news feed explaining what has happened.
Account passwords have not been affected by the breach; however, users should be extra vigilant with any emails they receive asking them to change their account password. Hackers will often take advantage of the panic and confusion surrounding a data breach to launch phishing attacks that trick individuals into disclosing sensitive information.
The breach is the largest in the company’s 14-year history and comes at the end of a very turbulent year which has seen the company deal with the fallout from the Cambridge Analytica scandal and the ongoing allegations that the platform was used in Russian disinformation campaigns.