Facebook Reveals Security Breach Affecting 50 Million Users
On September 28, 2018, Facebook said hackers managed to take over as many as 50 million user accounts and access their personal data. The identity of the attackers and the full scope of the breach are unknown at this time, though Facebook reports that the bug has been fixed.
Bug Involves “View As” and Video Uploader Program
The breach of Facebook’s website occurred Tuesday, September 25. Facebook’s head of security Guy Rosen said the attackers exploited bugs in the website’s “View As” feature and a video uploading program, which allowed them to steal Facebook access tokens and then take over user accounts.
The stock price of Facebook has fallen more than two percent in trading Friday.
Though the firm wouldn’t say where the 50 million affected users lived, it had alerted Irish data regulators, which could mean that at least some of the affected users were in Europe, BBC reported. Facebook’s European subsidiary is located in Dublin. The firm also said it had notified law enforcement officials, but didn’t say in which country or countries they were located.
Facebook Has Fixed Bug, “Major Security Effort” Underway
Facebook, which has around two billion users in total, said it had already fixed the bug, but didn’t know who the attackers were. It also said it hadn’t completed its investigation as to how extensive the hack was, which leaves open the possibility that more users could end up being affected. The New York Times said that nearly 90 million users had been forced to log out of their accounts early Friday, though they didn’t need to change their passwords.
Mark Zuckerberg, the CEO of Facebook, told the press in a conference call that the company was taking the breach very seriously, saying:
We have a major security effort at the company that hardens all of our surfaces. I’m glad we found this. But it definitely is an issue that this happened in the first place. I think this underscores the attacks that our community and our services face.
Facebook Takes Another Hit to Its Reputation
The news is the latest in a long line of data breaches for Facebook, though the scale of the incidents reached new heights in March 2018 with the emergence of the Cambridge Analytica scandal. Media outlets, such as Harry Davies at The Guardian, had reported on the story earlier.
The full extent of the scandal only came to light when whistleblower Christopher Wylie, a former employee of political consulting firm Cambridge Analytica, revealed that private data of up to 50 million users had been improperly leaked and used for political ad targeting.
Facebook admitted in April that there were actually 87 million users who were affected. In an attempt to make amends, Zuckerberg promised to offer its users around the world the same privacy tools and controls as those living in Europe would receive under the European Union’s new General Data Protection Regulation (GDPR) data privacy law. The GDPR provides strict guidelines as to what companies like Facebook can do with users’ data and took effect in May 2018.
However, it turned out that around the same time, Facebook was taking steps to remove privacy protections for 1.5 billion users. Prior to May, all of Facebook’s users outside of the U.S. and Canada had been governed by terms of service agreed to by Facebook’s headquarters in Ireland, which meant they were subject to the GDPR. But Reuters reported in April that Facebook had taken steps to ensure that only users in Europe would be protected by GDPR.
Hacker Changes Mind About Attempting to Delete Zuckerberg’s Account
Another story involving security at Facebook broke on Friday, when Bloomberg reported that a Taiwanese hacker had said he would live stream himself hacking Mark Zuckerberg’s Facebook account on September 30th. But later in the day, bug bounty hunter Chang Chi-yuan changed his mind after receiving intense media attention.
Chang told Bloomberg he was cancelling the live feed, but said that he had reported the bug to Facebook and would provide proof when he received his award. It’s unclear whether the bug Chang claimed to have discovered is the same one that Facebook revealed on Friday.