- The personal account information of 50 million Facebook users was exposed in a security breach disclosed on Friday, the 28th of September.
- The breach was discovered earlier this week. Facebook said it has since fixed the vulnerability and notified law enforcement officials.
- Facebook has not yet identified the origin of the attack or who is behind it.
- The company is in the early stages of the investigation.
News in Detail:
The personal account information of fifty million Facebook users was exposed following an attack, reported on Friday in San Francisco.
Facebook discovered the breach on 25th September, fixed the vulnerability, and then notified law enforcement officials. Facebook is in the early stages of the investigation. On Friday morning, around 90 million users were forced to sign out of their accounts to prevent the leak.
“I want to update you on an important security issue we’ve identified. We patched the issue last night and are taking precautionary measures for those who might have been affected. We’re still investigating, but I want to share what we’ve already found,” said Mark Zuckerberg in a statement published on Facebook.
Attackers exploited a technical vulnerability in Facebook’s code to steal access tokens, allowing them to log in to about 50 million people’s accounts on Facebook. This incident came as another shock to the company, which is going through one of the most difficult times in its history.
The biggest challenge Facebook faces now is to convince its users that the company is responsible and confident enough to handle the crisis.
Facebook said that the attackers stole the access tokens through the “View As” feature and could use the tokens to take over Facebook account holders’ information.
The “View As” feature lets Facebook users see how their accounts appear to others. Facebook has conveyed that, since the investigation is at an initial stage, it has yet to confirm the damage done and could not confirm whether these accounts were misused.
To prevent further damage, Facebook has reset the access tokens of the almost 50 million accounts, causing them to be logged out. These users have to log back in to access their accounts.
As a precautionary measure, Facebook has also reset the access tokens for another 40 million accounts that used the “View As” feature. After logging back in, all users will get a notification on their news feed explaining the incident.
Facebook also said it has temporarily disabled “View As” until the investigation is completed.
This is alarming, since the nature of the attack is not yet clear and the actual incident was detected a few days ago. Facebook’s incident response plan is not yet clear either, and the process followed looks doubtful, as it took a couple of days to respond to the detection of the attack and to force the logout of accounts.
Facebook’s CISO left the firm a few months ago, after the earlier data leakage incident around “Cambridge Analytica”, and the company was in the process of a total overhaul of its security organization structure.
Facebook’s share price fell by 3 per cent to $163.78 in trading after news of the hack broke.
“We have a responsibility to protect your data, and if we can’t then we don’t deserve to serve you,” Mr Zuckerberg said in a statement regarding Cambridge Analytica earlier this year.
Actions to be Taken by Facebook Users
- Review the security & privacy settings of your Facebook account (https://www.facebook.com/settings)
- Check “Where You are Logged in” to see all devices that are logged in with your account
- Change the password for Facebook and other online accounts
- Enable “Use Two Factor Authentication”
- Enable “Get alerts about unrecognized logins”
- Check which devices are listed under “Authorized Logins”
Measures taken by Facebook as conveyed earlier:
- Instituted strict data-sharing policies with third parties
- Scaled back the amount of data it would share with developers in the future
- Suspended access to more than 400 third-party apps after an audit of the thousands of outside apps connected to Facebook
- Temporarily disabled the “View As” feature until the investigation is completed