
Facebook says 50 million user accounts affected by security breach

Facebook chief executive Mark Zuckerberg said engineers discovered the breach on Tuesday, and patched it on Thursday night.

Published: 28th September 2018 10:49 PM | Last Updated: 29th September 2018 12:21 AM


By Associated Press

NEW YORK: Facebook announced Friday that up to 50 million accounts were breached in a security flaw exploited by hackers.

The leading social network said it learned this week of the attack, which allowed hackers to steal "access tokens," the equivalent of digital keys that enable access to users' accounts.

Facebook chief executive Mark Zuckerberg said engineers discovered the breach on Tuesday, and patched it on Thursday night.

"We don't know if any accounts were actually misused," Zuckerberg said. "This is a serious issue."


As a precaution, Facebook is temporarily taking down the "view as" feature -- described as a privacy tool to let users see how their own profiles would look to other people.

"It's clear that attackers exploited a vulnerability in Facebook's code," vice president of product management Guy Rosen said in a blog post.

"We've fixed the vulnerability and informed law enforcement."

The breach is the latest privacy embarrassment for Facebook, which earlier this year acknowledged that tens of millions of users had personal data hijacked by a political firm working for Donald Trump in 2016.

"We face constant attacks from people who want to take over accounts or steal information around the world," Zuckerberg said on his Facebook page.

"While I'm glad we found this, fixed the vulnerability, and secured the accounts that may be at risk, the reality is we need to continue developing new tools to prevent this from happening in the first place."

Facebook said it took an additional "precautionary step" of resetting access tokens for another 40 million accounts where the vulnerable feature was used. This will require those users to log back in to Facebook.

"We're taking this incredibly seriously and wanted to let everyone know what's happened and the immediate action we’ve taken to protect people's security," Rosen said.

"People's privacy and security is incredibly important, and we're sorry this happened."

Sophisticated hack

No passwords were taken in the breach, only "tokens" that act as digital keys allowing people to automatically log back into the social network, according to Rosen.

Information hackers appeared interested in included names, genders, and home towns, but it was not clear for what purposes, the executives said in a telephone briefing.


The stolen tokens gave hackers complete control of accounts. Facebook is trying to determine whether hackers tampered with posts or messages in breached accounts.

Hackers took advantage of a "complex interaction" between three software bugs, which required a degree of sophistication, according to Rosen.


"We may never know who is behind this," Rosen said. "This is not an easy investigation."

Facebook is working with data privacy regulators as well as law enforcement, according to Rosen.

Facebook this year is doubling to 20,000 the number of workers devoted to safety and security, and has taken to embedding those personnel in product management teams, Rosen said.

When asked why people should still trust Facebook with their personal information, Zuckerberg outlined anew ways the social network is ramping up defenses.

"As I've said a number of times, security is an arms race," Zuckerberg said.

To deal with the issue, Facebook reset some logins, so 90 million people have been logged out and will have to log in again. That includes anyone who has been subject to a "View As" lookup in the past year.

Facebook says it doesn't know who's behind the attacks or where they're based.

The hack is the latest security headache for Facebook, which has been dealing with political disinformation campaigns from Russia and elsewhere since 2016.


