Privacy News Security Flaw affects Up to 50m Facebook Accounts

Ink

Facebook unearths security breach affecting 50 million users
Facebook Inc has discovered a security flaw affecting about 50 million user accounts which could have allowed attackers to take over those accounts, the social networking company said on Friday.

Facebook, which has more than 2 billion monthly active users, has since fixed the vulnerability and informed law enforcement, it said.

Attackers stole Facebook access tokens through its “view as” feature, which they could then use to take over people’s accounts. “View as” allows users to see what their own profile looks like to someone else.

“We do not currently have any evidence that suggests these accounts have been compromised,” Chief Executive Officer Mark Zuckerberg said in a Facebook post.

Full Blog post at Security Update | Facebook Newsroom
On the afternoon of Tuesday, September 25, our engineering team discovered a security issue affecting almost 50 million accounts. We’re taking this incredibly seriously and wanted to let everyone know what’s happened and the immediate action we’ve taken to protect people’s security.

Our investigation is still in its early stages. But it’s clear that attackers exploited a vulnerability in Facebook’s code
[…]
Since we’ve only just started our investigation, we have yet to determine whether these accounts were misused or any information accessed. We also don’t know who’s behind these attacks or where they’re based. We’re working hard to better understand these details — and we will update this post when we have more information, or if the facts change. In addition, if we find more affected accounts, we will immediately reset their access tokens.
 

LASER_oneXM

source: Facebook downgrades breach count from 50 million to 30 million users | ZDNet

Facebook downgrades breach count from 50 million to 30 million users


Company said 29 million of the 30 million also had personal data scraped by the attackers.

Facebook said today the number of users who had their Facebook authentication tokens stolen in a security breach that took place last month is actually 30 million, and not 50 million, as the company initially announced.

Attackers stole authentication tokens for these 30 million accounts, but they also stole additional data for 29 million, Facebook said.

  • For 15 million users, attackers harvested name and contact details (phone number, email, or both, depending on what people had on their profiles).
  • For 14 million users, attackers harvested the same info as above, plus username, gender, locale/language, relationship status, religion, hometown, self-reported current city, birthdate, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or Pages they follow, and the 15 most recent searches.
  • For 1 million, attackers only collected access tokens.
The social network said it's working with the FBI to identify the attackers, and could not reveal additional information about the source of the attacks.

But while answering questions in a phone conference today, Guy Rosen, Facebook's VP of Product Management, said Facebook did not identify attempts to use any of the stolen tokens.
 

LASER_oneXM

source: How to see if you were affected by the huge Facebook hack
But you don't have to wait for Facebook to get in touch with you to find out if you have been affected.
Over in its Help Center, Facebook has set up a page that will let you know if you have anything to be worried about. Pay a visit to this page, and hopefully you'll see the following message:

Based on what we've learned so far, your Facebook account has not been impacted by this security incident. If we find more Facebook accounts were impacted, we will reset their access tokens and notify those accounts.

If you see this text, you are (or at least should be) in the clear. If you see anything else, you may have cause for concern.
 