Hackers accessed data from nearly 50 million Facebook accounts, the company said today. The company discovered the breach on Tuesday, according to the post, and does not know who was behind the attack. The social giant didn’t immediately say what data the hackers might have stolen.
Facebook’s vice president of product management Guy Rosen wrote in a post announcing the breach:
Our investigation is still in its early stages. But it’s clear that attackers exploited a vulnerability in Facebook’s code that impacted ‘View As’, a feature that lets people see what their own profile looks like to someone else. This allowed them to steal Facebook access tokens which they could then use to take over people’s accounts. Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app.
This new data breach is significant not just because it showed another way that hackers can infiltrate Facebook’s defenses. It also shows that users themselves aren’t as prepared as they should be. As Michael Roston, a science editor for the New York Times noted on Twitter, it reveals that a large proportion of Facebook users aren’t protecting themselves from hacks like this as best they could.
Is the buried lede in Facebook’s announcement that only about 90 million of their 2 billion-plus users are using two-factor authentication? https://t.co/xb1UUAZysD
— Michael Roston (@michaelroston) September 28, 2018
But it likely won’t have the impact of the Cambridge Analytica scandal, which granted improper access to information about 87 million Facebook users in 2013.
Facebook’s reputation took a beating during that episode, and this is more bad news. We’ll update this post as more information becomes available.
READ MORE: Security Update [Facebook]
More on Facebook hacks: Mark Zuckerberg Kicks Off Facebook’s Cambridge Analytica Spin Cycle With a Washed Response