A Facebook hack was discovered on Tuesday, September 25, 2018. The exploited vulnerability affected the privacy of almost 50 million accounts.
Facebook’s engineering team discovered a security issue last Tuesday afternoon. They said that their investigation is still in its early stages, but it was clear that a vulnerability in Facebook’s code was exploited.
The code that was exploited impacted the “View As” feature, which lets people see what their own profile looks like to someone else. The vulnerability allowed attackers to steal Facebook access tokens, which they could then use to take over other people’s accounts.
Access tokens are like digital keys that keep users logged in to Facebook, so they don’t need to reenter their password every time they open the app.
The Facebook team has already taken actions after the incident. First and foremost, they have already fixed the vulnerability and informed law enforcement.
Second, they have reset the access tokens of the almost 50 million affected accounts to protect their security. As a precautionary step, they are also resetting access tokens for another 40 million accounts that have been subject to a “View As” lookup in the past year. So around 90 million people will now have to log back in to Facebook, or any app that uses Facebook Login. This was the reason why so many people were logged out yesterday.
Third, they are temporarily turning off the “View As” feature while they conduct a thorough security review.
Facebook has stated that they have just started their investigation and still do not know who the attackers were. They also stated that they have yet to determine whether these accounts were misused or if any information was accessed. In addition, if they find more affected accounts, they will immediately reset their access tokens.
There is no need for anyone to change their passwords after this Facebook hack. People who’ve forgotten their password can visit Facebook’s Help Center. Anyone who wants to take the precautionary action of logging out of Facebook should visit the “Security and Login” section in settings. It lists the places people are logged into Facebook, with a one-click option to log out of them all.