Facebook Resets Access to 90 Million Accounts Following Security Breach

Facebook has reset the access to 90 million user accounts after finding a security breach, forcing the affected users to log back into their accounts, the company announced Friday. The breach allowed hackers to access other people’s accounts, and directly affected 50 million of those accounts.

“We patched the issue last night,” Facebook CEO Mark Zuckerberg said on a press call Friday. “We do not yet know whether any private information was accessed.” 

The company said that it doesn’t yet know whether the breach was used by anyone to access any personal information, including private messages, from those 50 million Facebook users without their knowledge. It did confirm that hackers were able to access profile information, including age, gender, and place of residence, but that they didn’t have access to any credit card information.

Facebook clarified during a second call with media Friday afternoon that the breach also potentially gave hackers access to third-party apps and websites that use Facebook’s login, including the company’s own Messenger and Instagram apps. Users who find themselves unable to log into third-party apps with their Facebook accounts may have to disconnect those apps from their account, and then reconnect them to regain access.

Facebook said that it was working with the FBI and other law enforcement agencies to help investigate the breach.

“We also don’t know who’s behind these attacks or where they’re based,” Facebook’s VP of product management Guy Rosen wrote in a blog post. “We’re working hard to better understand these details — and we will update this post when we have more information, or if the facts change. In addition, if we find more affected accounts, we will immediately reset their access tokens.”

At the center of the hack was a Facebook feature that allows users to view their own Facebook page the way other users with different access levels — friends, family, or unknown users — would see it. This “view as” feature could apparently be exploited to also steal access tokens to take over third-party accounts.

“We’re temporarily turning off the ‘View As’ feature while we conduct a thorough security review,” Rosen wrote Friday. Users who have been affected by the breach will have to log back into their Facebook account, and the company said that it would post a note atop their newsfeed explaining the situation.

Rosen explained during Friday’s call that the company inadvertently introduced three bugs when it made changes to its video uploader in July of 2017. However, the company didn’t discover that these bugs could be used to hack its system until this week. It informed law enforcement about the issue on Wednesday, and disabled the vulnerability late Thursday.

The company decided to disable access tokens for another 40 million users as a precautionary measure because it found that the profiles of those users were browsed with the “view as” feature enabled. However, this could have also been a legitimate use of the feature.

Facebook does not yet know whether the hack was initiated by nation-state actors, but Rosen said Friday that the 50 million users targeted were seemingly a broad slice of Facebook’s users. The company did notify European authorities about the breach, something that it is required to do under Europe’s new privacy laws if European users were affected.

“The reality is, we face constant attacks,” Zuckerberg said during Friday’s call. He added that he was happy that this particular breach was uncovered, but that the company had to step up its security efforts going forward. “We need to prevent this from happening in the first place.”

Update: 2:42pm: This post was updated with additional information on the data breach.
