
Facebook Resets Access to 90 Million Accounts Following Security Breach

Facebook has reset access to 90 million user accounts after finding a security breach, forcing the affected users to log back into their accounts, the company announced Friday. The breach allowed hackers to access other people’s accounts, and directly affected 50 million of those accounts.

“We patched the issue last night,” Facebook CEO Mark Zuckerberg said on a press call Friday. “We do not yet know whether any private information was accessed.” 

The company said that it doesn’t yet know whether the breach was used by anyone to access any personal information, including private messages, from those 50 million Facebook users without their knowledge. It did confirm that hackers were able to access profile information, including age, gender, and place of residence, but that they didn’t have access to any credit card information.

Facebook clarified during a second call with media Friday afternoon that the breach also potentially gave hackers access to third-party apps and websites that use Facebook’s login, including the company’s own Messenger and Instagram apps. Users who find themselves unable to log into third-party apps with their Facebook accounts may have to disconnect those apps from their account, and then reconnect them to regain access.

Facebook said that it was working with the FBI and other law enforcement agencies to help investigate the breach.

“We also don’t know who’s behind these attacks or where they’re based,” Facebook’s VP of product management Guy Rosen wrote in a blog post. “We’re working hard to better understand these details — and we will update this post when we have more information, or if the facts change. In addition, if we find more affected accounts, we will immediately reset their access tokens.”

At the center of the hack was a Facebook feature that allows users to view their own Facebook page the way other users with different access levels — friends, family, or unknown users — would see it. This “view as” feature could apparently be exploited to also steal access tokens to take over third-party accounts.

“We’re temporarily turning off the ‘View As’ feature while we conduct a thorough security review,” Rosen wrote Friday. Users who have been affected by the breach will have to log back into their Facebook account, and the company said that it would post a note atop their newsfeed explaining the situation.

Rosen explained during Friday’s call that the company inadvertently introduced three bugs when it updated its video uploader in July of 2017. However, the company didn’t discover that these bugs could be used to hack its system until this week. It informed law enforcement about it on Wednesday, and disabled the vulnerability late Thursday.

The company decided to disable access tokens for another 40 million users as a precautionary measure because it found that the profiles of those users were browsed with the “view as” feature enabled. However, this could have also been a legitimate use of the feature.

Facebook does not yet know whether the hack was initiated by nation-state actors, but Rosen said Friday that the 50 million users targeted were seemingly a broad slice of Facebook’s users. The company did notify European authorities about the breach, something that it is required to do under Europe’s new privacy laws if European users were affected.

“The reality is, we face constant attacks,” Zuckerberg said during Friday’s call. He added that he was happy that this particular breach was uncovered, but that the company had to step up its security efforts going forward. “We need to prevent this from happening in the first place.”

Update: 2:42pm: This post was updated with additional information on the data breach.
