Facebook says new hack leaked data of 50 million users

September 28th, 2018 at 12:57 PM

Facebook has announced that a previously unreported attack on its network exposed the personal data of nearly 50 million users. The company said that it discovered the breach earlier this week. Attackers used a flaw in Facebook’s code to take over user accounts, the company said.

The social network says that the vulnerability has been fixed and law enforcement has been notified. Some 90 million users have been forced to log out of their accounts as of Friday morning, and when they log back in, Facebook will notify them about the breach. That move was a precautionary measure, the company said.

The flaw was in Facebook’s “View As” tool, a privacy feature that lets Facebook users view their own profile as if they were someone else. It can be used to verify that no more information is exposed to an individual than you want, but in this case, it seems as if a flaw in Facebook’s security let attackers do much more:

Our investigation is still in its early stages. But it’s clear that attackers exploited a vulnerability in Facebook’s code that impacted “View As”, a feature that lets people see what their own profile looks like to someone else. This allowed them to steal Facebook access tokens which they could then use to take over people’s accounts. Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app.

The forced logouts will ensure that no ongoing access to an account is possible with the stolen security token. Facebook has forced the 50 million accounts it knows were affected to log out, as well as 40 million more that have used the “View As” feature in the last year.

The lingering question is what data may have been accessed in the breach. In theory, the most an attacker could have accessed is anything that you yourself can view on your Facebook profile, which includes names, dates of birth, family members, and likely years of photos. That is enough for a phishing attack on people’s other accounts, like banks or credit cards, but it does mean that no banking or sign-in information should have been at risk. Facebook also says there is no need to change your password.
