Facebook unearths security breach affecting 50 million users

Facebook Inc said on Friday (28 September) that hackers had discovered a security flaw that allowed them to take up to 50 million user accounts, a major breach that adds to a bruising year for the company’s reputation.

Facebook, which has more than 2 billion monthly active users, said it has been unable to determine yet whether the attackers misused any of the affected accounts or stole private information.

'Channel of dirt': Jourová describes her Facebook experience

Facebook came in for heavy criticism on Thursday (20 September), as EU justice chief Věra Jourová shone a light on her own Facebook experience as well as the issue of the tech giant’s non-compliance with EU consumer rules.

Facebook made headlines earlier this year after the data of 87 million users was improperly accessed by Cambridge Analytica, a political consultancy. The disclosure has prompted government inquiries into the company’s privacy practices across the world, and fueled a “#deleteFacebook” movement among consumers.

Shares in Facebook fell more than 3 percent in afternoon trading, weighing on major Wall Street stock indexes.

The latest vulnerability had existed since July 2017, but Facebook did not discover it until this month when it spotted an unusual increase in use of its “view as” feature.

“View as” allows users to see what their own profile looks like to someone else. The flaw inadvertently issued users of the tool a digital code, similar to browser cookie, that could be used to post from and browse Facebook as if they were someone else.

The company said it fixed the issue on Thursday. It also notified the U.S. Federal Bureau of Investigation, Department of Homeland Security and Irish data protection authority about the breach.

Europe's news agencies blast Google, Facebook for 'plundering' content

Europe’s biggest news agencies accused Google and Facebook of “plundering” news for free on Tuesday (4 September) in a joint statement that called on the internet giants to share more of their revenues with the media.

Facebook reset the digital keys of the 50 million affected accounts, and as a precaution reset those keys for another 40 million that have been looked up through the “view as” option over the last year.

About 90 million people will have to log back into Facebook or any of their apps that use a Facebook login, the company said.

Facebook is also temporarily disabling “view as,” it said.

In 2013, Facebook disclosed a software flaw that exposed 6 million users’ phone numbers and email addresses to unauthorized viewers for a year, while a technical glitch in 2008 revealed confidential birth-dates on 80 million Facebook users’ profiles.

Subscribe to our newsletters

Subscribe