Facebook Hack Compromises 50 Million Users

The social network revealed the data breach publicly, logged out users as a precautionary measure and said it was investigating the matter.

Loukia Papadopoulos

| Sep 28, 2018 12:22 PM EST

Created: Sep 28, 2018 12:22 PM EST

culture

Flickr/ Anthony Quintano

Stay ahead of your peers in technology and engineering - The Blueprint

By subscribing, you agree to our Terms of Use and Policies You may unsubscribe at any time.

Facebook revealed today that it was the target of a data breach affecting up to 50 million users. The social media site discovered the hack earlier this week, took measures to contain it and alerted law enforcement authorities.

If you've been logged out of your account and asked to sign back in, it’s because we've discovered a security issue and are taking immediate action to protect people on Facebook. Learn more https://t.co/XLcHGYFBu2
— Facebook (@facebook) September 28, 2018

"On the afternoon of Tuesday, September 25, our engineering team discovered a security issue affecting almost 50 million accounts. We’re taking this incredibly seriously and wanted to let everyone know what’s happened and the immediate action we’ve taken to protect people’s security," read the social media site's statement.

90 million users logged out

The breach reportedly allowed attackers to take over control of users' accounts. Hackers are believed to have taken advantage of vulnerabilities in the code for Facebook's "View As" feature.

[see-also]

Facebook, therefore, automatically logged out almost 50 million potentially compromised accounts as an extra precautionary measure. The network also reset access tokens for another 40 million accounts that were subjected to a “View As” look-up in the last year.

In total, approximately 90 million people will need to log in again on the site or on any site-related apps. Affected users will receive a notification explaining the breach at the top of their News Feed.

The extra log in is a small price to pay to protect the security of people's private data. The social network said it will continue to investigate and update the public.

"Since we’ve only just started our investigation, we have yet to determine whether these accounts were misused or any information accessed. We also don’t know who’s behind these attacks or where they’re based," read Facebook's statement.

"We’re working hard to better understand these details — and we will update this post when we have more information, or if the facts change. In addition, if we find more affected accounts, we will immediately reset their access tokens."

An apology issued

Facebook further apologized for the incident and also explained that there was no need for people to change their passwords. The social network also provided instructions for those who may be struggling with logging back in.

"But people who are having trouble logging back into Facebook — for example because they’ve forgotten their password — should visit our Help Center. And if anyone wants to take the precautionary action of logging out of Facebook, they should visit the “Security and Login” section in settings," further explained the site's statement.