Fifty million Facebook accounts exposed

Vulnerability put 50m users at risk, Facebook logs out accounts as security measure

Tags: Facebook IncorporationSocial Media
  • E-Mail
Fifty million Facebook accounts exposed As many as 50m accounts were exposed to the Facebook vulnerability.
By  Mark Sutton Published  September 29, 2018

As many as 50m Facebook accounts have been exposed due to a security flaw.

The social network has reset as many as 90m accounts this weekend, including some in the Middle East, to prevent accounts being taken over by hackers.

The company said that hackers had exploited a vulnerability in a feature called ‘View As', to access accounts, but did not reveal how many people had been directly affected by the attack, or reveal location of those affected.

The company forced 50m who had potentially been exposed, plus another 40m, to log back into their accounts as a safety measure. Facebook said it was not necessary for account holders to change their passwords.

Facebook said the vulnerability has now been fixed, but its share price still fell 3% on the news.

Users whose accounts were logged out received a message from Facebook stating: "To protect your security, we may have recently logged you out of your Facebook account. On September 25th, 2018, we discovered an attack on our system where attackers stole Facebook access tokens. Access tokens are the equivalent of digital keys that attackers could then have used to take over other people's accounts. By logging people out, we prevent attackers from using the tokens to access these accounts.

"We don't know yet if anyone's Facebook information was accessed, but we wanted to let you know what we're doing to protect your account. We're continuing to investigate the situation and have informed law enforcement about the issue. If we find that more people have been affected, we'll immediately log them out and then let them know what happened."

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code