DAWN.COM Logo

Today's Paper | April 24, 2024

Up to 50m Facebook accounts breached

AFP Published September 29, 2018

SAN FRANCISCO: Facebook announced on Friday that up to 50 million accounts were breached in a security flaw exploited by hackers.

The leading social network said it learned this week of the attack that allowed hackers to steal “access tokens”, the equivalent of digital keys that enable them to access their accounts.

Facebook chief executive Mark Zuckerberg said engineers discovered the breach on Tuesday, and patched it on Thursday night. “We don’t know if any accounts were actually misused,” he said. “This is a serious issue.”

As a precaution, Facebook is temporarily taking down the “view as” feature — described as a privacy tool to let user see how their own profiles would look to other people.

“It’s clear that attackers exploited a vulnerability in Facebook’s code,” vice president of product management Guy Rosen said in a blog post. “We’ve fixed the vulnerability and informed law enforcement.”

The breach is the latest privacy embarrassment for Facebook, which earlier this year acknowledged that tens of millions of users had personal data hijacked by a political firm working for Donald Trump in 2016.

“We face constant attacks from people who want to take over accounts or steal information around the world,” Zuckerberg said on his Facebook page. “While I’m glad we found this, fixed the vulnerability, and secured the accounts that may be at risk, the reality is we need to continue developing new tools to prevent this from happening in the first place.”

Facebook said it took an additional “precautionary step” of resetting access tokens for another 40 million accounts where the vulnerable feature was used. This will require those users to log back into Facebook.

“We’re taking this incredibly seriously and wanted to let everyone know what’s happened and the immediate action we’ve taken to protect people’s security,” Rosen said. “People’s privacy and security is incredibly important, and we’re sorry this happened.”

Sophisticated hack

No passwords were taken in the breach, only “tokens” that act as digital keys allowing people to automatically log back into the social network, according to Rosen.

Information hackers appeared interested in included names, genders and home towns, but it was not clear for what purposes, the executives said in a telephone briefing.

The stolen tokens gave hackers complete control of accounts. Facebook is trying to determine whether hackers tampered with posts or messages in breached accounts.

Hackers took advantage of a “complex interaction” between three software bugs, which required a degree of sophistication, according to Rosen.

“We may never know who is behind this,” Rosen said. “This is not an easy investigation.” Facebook is working with data privacy regulators as well as law enforcement, according to Rosen.

Facebook this year is doubling to 20,000 the number of workers devoted to safety and security, and has taken to embedding that personnel in with product management teams, Rosen said.

When asked why people should still trust Facebook with their personal information, Zuckerberg outlined anew ways the social network is ramping up defenses. “As I’ve said a number of times, security is an arms race.”

How do I know if my account was compromised?

As per initial reports, if a user was logged out of Facebook during the last 24 hours, their account was likely to be affected by the data breach.

While people across the world complained about their accounts being logged out on Friday, users in Pakistan also reported about being asked to log in again.

“#Facebook apps are giving session time expiration error and asking to log in again. Happened 3 times with me in an hour. Many other people are reporting same in #Pakistan. Whats happening @facebook?” wrote a user on Twitter.

“Is there something wrong with #Facebook? Got logged out of my account suddenly,” wrote another, adding that she was asked to change her password by Facebook.

Speaking to Dawn, Abdul Moiz who was locked out of his account earlier in the day said that he was not alerted by the social media giant of any security breach. “I was just logged out of my phone application and elsewhere but received no security alert,” he said.

However, Facebook maintains that there is “no need for anyone to change their passwords”. “People who are having trouble logging back into Facebook — for example because they’ve forgotten their password — should visit our Help Center. And if anyone wants to take the precautionary action of logging out of Facebook, they should visit the “Security and Login” section in settings,” it said.

Published in Dawn, September 29th, 2018

Read more

On DawnNews
Dawn News English

Dear visitor, the comments section is undergoing an overhaul and will return soon.

Latest Stories

dawn images site

Most Popular

01
02
03
04
05
06
07
08
09

Must Read

Opinion

Editorial

Ties with Tehran
Updated 24 Apr, 2024

Ties with Tehran

Tomorrow, if ties between Washington and Beijing nosedive, and the US asks Pakistan to reconsider CPEC, will we comply?
Working together
24 Apr, 2024

Working together

PAKISTAN’S democracy seems adrift, and no one understands this better than our politicians. The system has gone...
Farmers’ anxiety
24 Apr, 2024

Farmers’ anxiety

WHEAT prices in Punjab have plummeted far below the minimum support price owing to a bumper harvest, reckless...
By-election trends
Updated 23 Apr, 2024

By-election trends

Unless the culture of violence and rigging is rooted out, the credibility of the electoral process in Pakistan will continue to remain under a cloud.
Privatising PIA
23 Apr, 2024

Privatising PIA

FINANCE Minister Muhammad Aurangzeb’s reaffirmation that the process of disinvestment of the loss-making national...
Suffering in captivity
23 Apr, 2024

Suffering in captivity

YET another animal — a lioness — is critically ill at the Karachi Zoo. The feline, emaciated and barely able to...