50m Facebook accounts breached
Stolen ‘access tokens’ could have let hackers view private posts or post status updates
Company says hackers exploited its ‘View As’ feature, which lets people see what their profiles look like to someone else |
Facebook yesterday said it recently discovered a security breach affecting nearly 50 million user accounts, but took steps to fix the security problem and alerted law enforcement.
The hack is the latest setback for Facebook during a year of tumult for the global social media service.
In a blog post, Facebook said it doesn’t know who is behind the attacks or where they’re based. In a call with reporters yesterday, CEO Mark Zuckerberg said that the company doesn’t know yet if any of the accounts that were hacked were misused.
Jake Williams, a security expert at Rendition Infosec, said the stolen ‘access tokens’ would have likely allowed attackers to view private posts and probably post status updates or shared posts as the compromised user, but wouldn’t affect passwords.
“The bigger concern [and something we don’t know yet] is whether third party applications were impacted,” Williams said in a text exchange. Facebook offers a login service for third parties to allow users to log into their apps using Facebook. The stolen access tokens may be enough to access a user’s account on a third party site.
The company said people do not need to change their Facebook passwords, but anyone having trouble logging on should visit the site’s help centre.
Facebook has more than two billion users worldwide.