Facebook breach impacts up to 90 million users – May impact 3rd party websites

Facebook breach impacts up to 50 million users - May impact 3rd party websites

Facebook breach impacts up to 90 million users – May impact 3rd party websites

Facebook has announced that the site has suffered from a security breach that may affect 90 million users, a security issue that was caused by a string of bugs which originate within Facebook’s “View As” feature, which enables people to see what their profile page looks like to other users. 

Since the discovery of this security threat on Tuesday, September 25th, the website has disabled their “View As” feature and has forced all of the website’s potentially impacted users to log out of the website to invalidate stolen access tokens. Right now Facebook says that 50 million users have been affected by this security flaw and that a further 40 million have been logged out due to their use of the website’ “view as” feature. This means that up to 90 million Facebook users may have been impacted by the breach. 

The breach in question allows users to steal the “access tokens” of other accounts, which can be used to take over Facebook accounts. These “access tokens” acts as a digital key that can grant entry into a Facebook account, without the need to enter a password. There are concerns that these “access tokens” may have been used to access websites that offer Facebook login options, something that threatens to make this breach a lot worse than initially anticipated. 

Below is a video from Guy Rosen, Facebook’s VP of Product Management, who discusses the breach in detail as well as what is being done about the security hole in question. 

Facebook has informed relevant law enforcement authorities and is currently investigating the breach. The company plans to release further updates regarding this breach in the future which will reveal more information. This bug within Facebook has been present since July 2017, with the company first discovering unusual activity on September 16th, 2018. 

I will leave you with a comment from Mark Zuckerberg, Facebook’s CEO, which comes from March 21st as part of his public apology for the Cambridge Analytica scandal.  

We have a responsibility to protect your data, and if we can’t then we don’t deserve to serve you

You can join the discussion on the Facebook breach that may have impacted up to 90 million users on the OC3D Forums.