Skip to main content

Facebook: Almost 50 Million Accounts Affected by Massive Data Breach


Do you have a Facebook account? You might want to check on it.

The social media giant said Friday that almost 50 million user accounts were affected in a data breach. They said they told law enforcement about it, and insist there’s no need for anyone to change their passwords.

“People’s privacy and security is incredibly important, and we’re sorry this happened. It’s why we’ve taken immediate action to secure these accounts and let users know what happened.”

The company said attackers took advantage of code linked to the “View As” feature. If you haven’t used it before, it lets users see how their profile appear on other accounts. Attackers took advantage of of this to steal Facebook access tokens, which could them be used to take over accounts.

“Access tokens” are the reason why aren’t required to reenter your password every time you open Facebook on your browser. These keep you logged-in. Specially, attackers exploited a code made to a video uploading feature in July 2017, the company said.

As a precautionary measure, the company announce it is shutting down its “View As” feature pending a security review, reset access tokens of the almost 50 million accounts affects, and also reset access tokens of 40 million users subject to a “View As” look-up in the last year. That means all of these people will have to re-login. The company promised that a notification at the top of their News Feed would explain to them what happened.

So that’s the what, where, and when. The company, however, says they don’t know the who and why. It’s unknown who was behind the attack. Facebook said they don’t even know yet if attackers did anything bad to the accounts, or if any information was access.

In a conference call Friday, a company spokesman said they’re working with the FBI in the investigation.

News about the breech isn’t doing any favors to the bottom line.

[Image via Alexander Koerner/Getty Images)]


Have a tip we should know? [email protected]

Filed Under:

Follow Law&Crime: