[BreachExchange] 50 Million Facebook Accounts Hacked

Audrey McNeil audrey at riskbasedsecurity.com
Fri Sep 28 15:46:32 EDT 2018


https://www.databreachtoday.com/50-million-facebook-accounts-hacked-a-11572

Facebook revealed Friday that it had discovered a breach that affected
almost 50 million users.

"Attackers exploited a vulnerability in Facebook's code that impacted 'View
As,' a feature that lets people see what their own profile looks like to
someone else," Facebook says in a statement posted Friday. "This allowed
them to steal Facebook access tokens, which they could then use to take
over people's accounts. Access tokens are the equivalent of digital keys
that keep people logged in to Facebook so they don't need to re-enter their
password every time they use the app."

Facebook says it discovered the issue Tuesday afternoon. "We've fixed the
vulnerability and informed law enforcement," it says in the statement.

The company says it has reset the access tokens for the almost 50 million
compromised accounts, as well as an additional 40 million accounts that
have also been subject to the "View As" look-up in the last year. "As a
result, around 90 million people will now have to log back into Facebook,
or their apps that use Facebook login," according to the statement.

Facebook has also turned off the "View As" feature pending further
investigation.

"There is no need for anyone to change their passwords," the social network
giant says.

Investigation Continues

Facebook says the origin of the attacks is unknown.

"Since we've only just started our investigation, we have yet to determine
whether these accounts were misused or any information accessed," the
statement notes. "We're working hard to better understand these details.
... If we find more affected accounts, we will immediately reset their
access tokens."

Facebook is still dealing with the fallout from the Cambridge Analytica
scandal. The British analytics firm may have improperly obtained the data
of up to 87 million Facebook users.

And in early September, Facebook officials went to Capitol Hill to defend
how its platform is combating ongoing election interference efforts by
Russia. But at the same time, the White House and some Republican lawmakers
launched coordinated broadsides against social media firms, accusing them
of political bias, with President Donald Trump suggesting - without citing
any evidence - that the firms were interfering in U.S. elections (see
Facebook, Twitter Defend Fight Against Influence Operations).