Facebook flaws lead to data breach; 50M users affected

September 28, 2018

EXECUTIVE SUMMARY:

It appears to be Facebook Friday today with two significant news items relating to the social media giant. NPR reports that a data breach at Facebook affects about 50 million users. Meanwhile, a hacker was vowing to take down Facebook CEO Mark Zuckerberg’s Facebook page on Sunday, while live-streaming the event.

After noticing unusual activity on the site on September 16, Facebook began investigating. On Tuesday of this week, it discovered a vulnerability that hackers were able to exploit to gain access to user accounts. The flaw exposed user information and could have given hackers the ability to pose as the account holder.

A blog post on Facebook’s corporate site explained, “Our investigation is still in its early stages. But it’s clear that attackers exploited a vulnerability in Facebook’s code that impacted “View As,” a feature that lets people see what their own profile looks like to someone else. This allowed them to steal Facebook access tokens which they could then use to take over people’s accounts. Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app.”

The security issue was fixed by Thursday. Meanwhile, Facebook is still unclear about who was behind the breach. “The company knows the attackers attempted to access profile information, but not whether they succeeded; it does not yet have evidence that the attackers accessed private messages or posted to accounts,” reports NPR.

In a completely separate story, Bloomberg reported that a Taiwanese hacker had threatened to use a bug he had discovered to infiltrate Mark Zuckerberg’s Facebook account and delete it while live-streaming the event. However, the hacker has since backed down from his threat and has reported the issue to Facebook.

As NPR and other media outlets have noted, Facebook has been grappling with its share of issues relating to user privacy and data security since the Cambridge Analytica scandal several months ago.

Get the full story at NPR.