×
You will be redirected back to your article in seconds

Facebook Resets Access to 90 Million Accounts Following Security Breach

Facebook has reset the access to 90 million user accounts after finding a security breach, forcing the affected users to log back into their accounts, the company announced Friday. The breach allowed hackers to access other people’s accounts, and directly affected 50 million of those accounts.

“We patched the issue last night,” Facebook CEO Mark Zuckerberg said on a press call Friday. “We do not yet know whether any private information was accessed.” 

The company said that it doesn’t yet know whether the breach was used by anyone to access any personal information, including private messages, from those 50 million Facebook users without their knowledge. It did confirm that hackers were able to access profile information, including age, gender, and place of residence, but that they didn’t have access to any credit card information.

Facebook clarified during a second call with media Friday afternoon that the breach also potentially gave hackers access to third-party apps and websites that use Facebook’s login, including the company’s own Messenger and Instagram apps. Users who find themselves unable to log into third-party apps with their Facebook accounts may have to disconnect those apps from their account, and then reconnect them to regain access.

Facebook said that it was working with the FBI and other law enforcement agencies to help investigate the breach.

“We also don’t know who’s behind these attacks or where they’re based,” Facebook’s VP of product management Guy Rosen wrote in a blog post. “We’re working hard to better understand these details — and we will update this post when we have more information, or if the facts change. In addition, if we find more affected accounts, we will immediately reset their access tokens.”

At the center of the hack was a Facebook feature that allows users to view their own Facebook page the way other users with different access levels — friends, family, or unknown users — would see it. This “view as” feature could apparently be exploited to also steal access tokens to take over third-party accounts.

“We’re temporarily turning off the ‘View As’ feature while we conduct a thorough security review,” Rosen wrote Friday. Users who have been affected by the breach will have to log back into their Facebook account, and the company said that it would post a note atop of their newsfeed explaining the situation.

Rosen explained during Friday’s call that the company inadvertently introduced three bugs when it updated changes to its video uploader in July of 2017. However, the company didn’t discover that these bugs could be used to hack its system until this week. It informed law enforcement about it on Wednesday, and disabled the vulnerability late Thursday.

The company decided to disable access tokens for another 40 million users as a precautionary measure because it found that the profiles of those users were browsed with the “view as” feature enabled. However, this could have also been a legitimate use of the feature.

Facebook does not yet know whether the hack was initiated by nation-state actors, but Rosen said Friday that the 50 million users targeted were seemingly a broad slice of Facebook’s users. The company did notify European authorities about the breach, something that it is required to do under Europe’s new privacy laws if European users were affected.

“The reality is, we face constant attacks,” Zuckerberg said during Friday’s call. He added that he was happy that this particular breach was uncovered, but that the company had to step up its security efforts going forward. “We need to prevent this from happening in the first place.”

Update: 2:42pm: This post was updated with additional information on the data breach.

POPULAR ON VARIETY:

More Digital

  • Portugal's Cristiano Ronaldo celebrates his side's

    Canal Plus, beIN Sports In Exclusive Talks For Distribution Deal

    Vivendi-owned pay-TV banner Canal Plus Group and Al Jazeera’s beIN Sports have started exclusive talks to sign a five-year exclusive distribution and sub-licensing deal in France. The two companies previously tried to forge a partnership in 2016 but it was denied by France’s anti-trust board. Under the proposed deal, Canal Plus would distribute all of [...]

  • NBCUniversal Peacock

    Comcast to Spend $2 Billion on NBCU's Peacock Streaming Service in First Two Years

    Comcast expects to pump $2 billion into NBCUniversal’s Peacock streaming service in aggregate over 2020 and 2021, while the company is projecting it will not be profitable for the first five years, according to CFO Mike Cavanagh. Cavanagh, who provided the details Monday at UBS’s Global TMT Conference in New York City, tried to put [...]

  • Watcher Entertainment - Steven Lim, Ryan

    Ex-BuzzFeed Video Creators Launch Watcher Entertainment Digital Studio (EXCLUSIVE)

    After building their careers as internet personalities at BuzzFeed, the creators and hosts of three of the company’s biggest shows — Steven Lim, Ryan Bergara and Shane Madej — have formed their own digital-video venture. They quit BuzzFeed earlier this year and founded L.A.-based Watcher Entertainment, with the trio looking to get full creative control [...]

  • 25. Oktober 2019, Berlin, Deutschland, JustWatch[Foto:

    Streaming Guide JustWatch Acquires Video Search Engine GoWatchIt (EXCLUSIVE)

    Berlin-based streaming guide JustWatch has acquired media search engine GoWatchIt from Plexus Entertainment, and is using the acquisition to open up its first office in New York. Terms of the deal, which was stock- and cash-based, haven’t been disclosed. GoWatchIt founder and CEO David Larkin will join JustWatch as its new senior vice president of [...]

  • CBS Joins Open AP Audience-Targeting Alliance

    CBS Joins Open AP Audience-Targeting Alliance

    “Young Sheldon” leads CBS’ Thursday-night schedule. Soon it may help to lead advertisers to a new way of placing their commercials. CBS has joined “Open AP,” the audience-targeting alliance working to accelerate the emerging advertising practice known as “audience buying.” Open AP works to give advertisers a way to buy impressions from particular types of [...]

  • Roku Channel to Stream Game of

    Roku to Stream First Season of 'Game of Thrones' for Free Later This Month

    Ready to start over on “Game of Thrones,” or finally give it a try if you never watched it in the first place? Streaming device maker Roku is giving its customers another chance to watch the first season of the hit show, as well as a number of other popular shows, for free through the [...]

  • Madhuri Dixit Nene

    Bollywood Icon Madhuri Dixit to Make Netflix Series Debut (EXCLUSIVE)

    Iconic Bollywood actress, Madhuri Dixit Nene is poised to make her Netflix acting debut with an as-yet-untitled series. Karan Johar is set as creative producer. The series will be a suspenseful family, written by New York-based writer-director Sri Rao, reflecting on the lives lead by people in the entertainment industry. Dixit featured in some of [...]

More From Our Brands

Access exclusive content