Facebook security breach: Up to 50m accounts attacked

The Homebrew Forum

Help Support The Homebrew Forum:

This site may earn a commission from merchant affiliate links, including eBay, Amazon, and others.

Chippy_Tea

Landlord.
Staff member
Administrator
Moderator
Joined
Mar 17, 2013
Messages
54,032
Reaction score
20,988
Location
Ulverston Cumbria.
I have just spotted this on BBC news - I don't have a "proper" FB account so this is not a big deal to me but it happened on Tuesday so i guess we will be hearing much more from unhappy FB users soon.

I doubt the two quotes below will fill their users with confidence. asad.

"Since we’ve only just started our investigation, we have yet to determine whether these accounts were misused or any information accessed. We also don’t know who’s behind these attacks or where they’re based. “

He added: "People’s privacy and security is incredibly important, and we’re sorry this happened."




Facebook has said “almost 50 million” of its users were left exposed by a security flaw.

The company said attackers were able to exploit a vulnerability in a feature known as “View As” to gain control of people's accounts.

The breach was discovered on Tuesday, Facebook said, and it has informed police.

Users that had potentially been affected were prompted to re-log-in on Friday.

The flaw has been fixed, wrote the firm’s head of security, Guy Rosen, adding all affected accounts had been reset, as well as another 40 million "as a precautionary step".

Facebook - which saw its share price drop more than 3% on Friday - has more than two billion active monthly users.

The firm would not say where in the world the 50 million users are, but it has informed Irish data regulators, where Facebook's European subsidiary is based.

Users that had potentially been affected were prompted to re-log-in on Friday. However, the company said users did not have to change their passwords.

"Since we’ve only just started our investigation, we have yet to determine whether these accounts were misused or any information accessed. We also don’t know who’s behind these attacks or where they’re based. “

He added: "People’s privacy and security is incredibly important, and we’re sorry this happened."

Facebook's "View As" function is a privacy feature that allows people to see what their own profile looks to other users, making it clear what information is viewable to their friends, friends of friends, or the public.

Attackers found multiple bugs in this feature that "allowed them to steal Facebook access tokens, which they could then use to take over people's accounts", Mr Rosen explained.

"Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don't need to re-enter their password every time they use the app," he added.

The breach comes at a time when the firm is struggling to convince lawmakers in the US and beyond, that it is capable of protecting user data.

Facebook founder Mark Zuckerberg said on a conference call on Friday that the firm took security seriously, in the face of what he said were constant attacks by bad actors.

Has your Facebook account been affected? You can share your experience by emailing [email protected].

Please include a contact number if you are willing to speak to a BBC journalist. You can also contact us in the following ways:

https://www.bbc.co.uk/news/technology-45686890
 
Last edited:
No matter how clever the security there always seems to be a hacker thats cleverer. Every few months there seems to be another one. After a quick google I found this, which is a list of the biggest data hacks

Strange how there are a lot of big names in the list but not all (or many for that matter) hit the headlines.
 
Perhaps because it happens so often. Its only the really big hack like your OP that get any coverage now?

Maybe the bigger the company the less time they spend worrying about making their sites hack proof, i don't think this will fill anyone with confidence -

"People’s privacy and security is incredibly important, and we’re sorry this happened."

Instead of shutting the gate after the horse has bolted why not spend some time and money making sure it doesn't happen in the first place if a hacker can find a way in why haven't their security team found this way in and closed it.

.
 
No end of it never reach the headlines. Credit card details for example, more than a billion leaked (accounts, not necessarily unique individuals), but only the big names ever get reported in the news and even then only briefly.

There's a good chance the way the internet works will flip over before too long. At present some random device connects to a site and the user logs in to identify themselves and access their data. The way things are looking the user will have a digital ID and possession and control of their data, a site will recognise them and be able to access whatever data it has permission to access.

Not if the bureaucrats have their way of course, digital IDs are coming one way or another and it's a toss up between a mess of different (and likely incompatible) government ID platforms or open platforms. Many already exist and the sooner the open methods are adopted, the sooner genuine data security becomes possible (as well as some incredible tech advancements related to them).
 
Back
Top