If Facebook logged you out, your data was likely breached
Facebook Inc. discovered a security breach that put the data of 50 million users at risk, the company announced Friday, and users who might have been affected will be or have been logged out of the service.
In a blog post, Facebook executive Guy Rosen said that the social network’s “view as” feature, which allows users to see their profile page as other users would, had a vulnerability that allowed hackers to access the security “token” that allows users to stay logged in. Access to those tokens would allow the hackers to completely take over the account, and see data such as name, gender and hometown. On a conference call, Facebook assured the media that credit-card numbers could not have been accessed.
Facebook will force the 50 million users who had their data accessed to log in with their passwords and will offer more information about the breach once they do. Facebook has also logged out another 40 million users who have used the “view as” feature as a precaution.
Sen. Flake Calls to Delay Kavanaugh Vote for an FBI Investigation
In a second conference call Friday afternoon, Facebook disclosed that the breach also gave hackers access to other services that use Facebook accounts, a service called Facebook Login. According to The New York Times, users whose accounts were breached included Facebook’s top two executives, Chief Executive Mark Zuckerberg and Chief Operating Officer Sheryl Sandberg.
Facebook’s stockFB, -2.59%took a hit directly after the breach was announced, and closed down 2.6% on the day. Shares have declined 6.8% so far this year amid other data scares, such as the Cambridge Analytica scandal, and the increasing costs Facebook is facing to confront its issues. The S&P 500 indexSPX, +0.00%has gained 9% in 2018.
Facebook said the vulnerability is fixed, law enforcement has been notified and the breach has been disclosed to the Irish Data Protection Commission to satisfy a GDPR requirement to notify within 72 hours. The company will turn off the “view as” feature temporarily.
Chief Executive Mark Zuckerberg said the vulnerability was discovered Tuesday, and admitted that Facebook needs better safeguards to avoid breaches.
“While I’m glad we found this, fixed the vulnerability, and secured the accounts that may be at risk, the reality is we need to continue developing new tools to prevent this from happening in the first place,” Zuckerberg said in a post on his Facebook page.
“This is going to be an ongoing effort and we’re going to need to keep focusing on this over time,” Zuckerberg added on the conference call.
In the conference call, Facebook said that it had been able to fix the vulnerability Thursday. However, the company does not know whether data were actually accessed or stolen accounts were used.
“Since we’ve only just started our investigation, we have yet to determine whether these accounts were misused or any information accessed,” Rosen wrote in the blog post. “We also don’t know who’s behind these attacks or where they’re based.”
The breach is likely to increase pressure on Facebook, which has already faced blowback from politicians for earlier privacy issues. U.S. Sen. Mark Warner, a Virginia Democrat, called the breach “deeply concerning” in an email statement Friday.
“Today’s disclosure is a reminder about the dangers posed when a small number of companies like Facebook or the credit bureau EquifaxEFX, +0.14%are able to accumulate so much personal data about individual Americans without adequate security measures,” he wrote. “This is another sobering indicator that Congress needs to step up and take action to protect the privacy and security of social media users.”
Source: Read Full Article