Sunday, 24th November 2024

50 million accounts affected in Facebook security breached

Saturday, 29th September 2018

WASHINGTON: At least 50 million user accounts were affected in one of the worst breach in Facebook's security.

Facebook Inc on Friday said that hackers stole digital login codes allowing them to take over nearly 50 million user accounts in its worst security breach ever given the unprecedented level of potential access, adding to what has been a difficult year for the company’s reputation.

Facebook, which has more than 2.2 billion monthly users, said it has yet to determine whether the attacker misused any accounts or stole private information. It also has not identified the attacker’s location or whether specific victims were targeted. Its initial review suggests the attack was broad in nature.

Chief Executive Mark Zuckerberg described the incident as “really serious” in a conference call with reporters. His account was affected along with that of Chief Operating Officer Sheryl Sandberg, a spokeswoman said.

Shares in Facebook fell 2.6 percent on Friday, weighing on major Wall Street stock indexes.

The company says hackers exploited the "View As" feature on the service. Facebook says it has taken steps to fix the security problem and alerted law enforcement.

"Our investigation is still in its early stages. But it’s clear that attackers exploited a vulnerability in Facebook’s code that impacted 'View As,' a feature that lets people see what their own profile looks like to someone else. This allowed them to steal Facebook access tokens which they could then use to take over people’s accounts. Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app."

Facebook made headlines earlier this year after profile details from 87 million users was improperly accessed by political data firm Cambridge Analytica. The disclosure has prompted government inquiries into the company’s privacy practices across the world, and fueled a “#deleteFacebook” social movement among consumers.

U.S. lawmakers said on Friday that the hack may boost calls for data privacy legislation.

“This is another sobering indicator that Congress needs to step up and take action to protect the privacy and security of social media users,” Democratic U.S. Senator Mark Warner said in a statement.