×
You will be redirected back to your article in seconds

Facebook Resets Access to 90 Million Accounts Following Security Breach

Facebook has reset the access to 90 million user accounts after finding a security breach, forcing the affected users to log back into their accounts, the company announced Friday. The breach allowed hackers to access other people’s accounts, and directly affected 50 million of those accounts.

“We patched the issue last night,” Facebook CEO Mark Zuckerberg said on a press call Friday. “We do not yet know whether any private information was accessed.” 

The company said that it doesn’t yet know whether the breach was used by anyone to access any personal information, including private messages, from those 50 million Facebook users without their knowledge. It did confirm that hackers were able to access profile information, including age, gender, and place of residence, but that they didn’t have access to any credit card information.

Facebook clarified during a second call with media Friday afternoon that the breach also potentially gave hackers access to third-party apps and websites that use Facebook’s login, including the company’s own Messenger and Instagram apps. Users who find themselves unable to log into third-party apps with their Facebook accounts may have to disconnect those apps from their account, and then reconnect them to regain access.

Facebook said that it was working with the FBI and other law enforcement agencies to help investigate the breach.

“We also don’t know who’s behind these attacks or where they’re based,” Facebook’s VP of product management Guy Rosen wrote in a blog post. “We’re working hard to better understand these details — and we will update this post when we have more information, or if the facts change. In addition, if we find more affected accounts, we will immediately reset their access tokens.”

At the center of the hack was a Facebook feature that allows users to view their own Facebook page the way other users with different access levels — friends, family, or unknown users — would see it. This “view as” feature could apparently be exploited to also steal access tokens to take over third-party accounts.

“We’re temporarily turning off the ‘View As’ feature while we conduct a thorough security review,” Rosen wrote Friday. Users who have been affected by the breach will have to log back into their Facebook account, and the company said that it would post a note atop of their newsfeed explaining the situation.

Rosen explained during Friday’s call that the company inadvertently introduced three bugs when it updated changes to its video uploader in July of 2017. However, the company didn’t discover that these bugs could be used to hack its system until this week. It informed law enforcement about it on Wednesday, and disabled the vulnerability late Thursday.

The company decided to disable access tokens for another 40 million users as a precautionary measure because it found that the profiles of those users were browsed with the “view as” feature enabled. However, this could have also been a legitimate use of the feature.

Facebook does not yet know whether the hack was initiated by nation-state actors, but Rosen said Friday that the 50 million users targeted were seemingly a broad slice of Facebook’s users. The company did notify European authorities about the breach, something that it is required to do under Europe’s new privacy laws if European users were affected.

“The reality is, we face constant attacks,” Zuckerberg said during Friday’s call. He added that he was happy that this particular breach was uncovered, but that the company had to step up its security efforts going forward. “We need to prevent this from happening in the first place.”

Update: 2:42pm: This post was updated with additional information on the data breach.

POPULAR ON VARIETY:

More Digital

  • Nick Eh 30, StoneMountain64

    CAA Signs Gaming Influencers Nick Eh 30, StoneMountain64

    CAA has signed two popular live-streaming battle royale gamers — Nicholas Amyoony, better known as Nick Eh 30, and David Steinberg, aka StoneMountain64 — for representation. CAA said it will work to create opportunities for Nick Eh 30 (above left) and StoneMountain64 (above right) in all areas, including TV, motion pictures, touring, digital distribution and [...]

  • Amazon Adds NBA League Pass to

    Amazon Adds NBA League Pass Live-Streaming Games to Prime Video Channels

    Amazon is bringing pro hoops action to Prime Video Channels: The ecommerce giant now offers NBA League Pass as part of its lineup of 150-plus subscription options for Prime members in the U.S. It’s the first U.S. live-sports subscription service on Prime Video Channels. Prime members can subscribe to NBA League Pass via Prime Video [...]

  • Fifty Shades of Grey

    International Piracy Ring Stole Over 25,000 Movie and TV Digital Files, U.S. Feds Say

    A five-member international hacking crime ring stole more than 25,000 files for Hollywood movies and TV shows and illegally offered hundreds of them for sale online, according to U.S. law enforcement officials. A federal grand jury in L.A. on Wednesday (Dec. 12) indicted five men, identified as residing in the U.K., India, Dubai and Malaysia, [...]

  • Phil Schiller, Apple's senior vice president

    Apple to Update iPhones in China to Avoid Sales Ban

    Apple is pushing out a software update to iPhones in China to address a recent court order obtained by Qualcomm that banned the sale of certain iPhone models in the country. The update will allow the company to continue selling its phones in China, company representatives told Reuters Friday morning. The Fuzhou Intermediate People’s Court [...]

  • Kevin Reilly Variety Cover

    Kevin Reilly Named Content Chief for WarnerMedia Streaming Service

    Kevin Reilly — a veteran television exec who has led programming at NBC, FX, Fox, and most recently Turner Broadcasting — has been tapped to head content strategy for the still-nascent streaming service that WarnerMedia plans to launch next year. Reilly, who has led programming at Turner brands TNT and TBS since 2015, will serve [...]

  • Apple Culver City

    Apple Expects to Have Over 1,000 Employees in Culver City by 2022

    Apple announced plans to boost its L.A. presence, saying it expects to have more than 1,000 employees in Culver City, Calif., over the next three years, including its growing entertainment team. The move is part of the tech giant’s broader initiative to create 20,000 jobs in the U.S. by 2023 and includes a new $1 [...]

More From Our Brands

Access exclusive content