Dive Brief:
- Almost 50 million Facebook accounts were compromised following a "security issue," the social network announced Friday in a statement by Guy Rosen, VP of Product Management. Facebook's engineering team discovered the incident on Tuesday afternoon and it took "immediate action" to disclose, inform law enforcement and update security measures.
- Facebook is still investigating the incident, but according to the announcement the attackers exploited a flaw in the platform's "View As" feature. The function lets a Facebook user preview their own profile as it appears to someone else. Through the feature, the attackers were able to steal access tokens, which act as "digital keys" that keep users logged in so they don't have to enter a password every time they return to Facebook. Whoever holds a valid token can present it in place of the password, which is why stealing one amounts to compromising the account.
- In response, Facebook is resetting the access tokens of 90 million accounts: the roughly 50 million affected, plus 40 million that weren't compromised but were reset as a precaution, according to the announcement. Those users have to log in again, which invalidates any token an attacker may still hold. The company is also temporarily turning off the "View As" option.
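As an added illustration (not Facebook's code; the page says nothing about how its token store is built), the Python sketch below shows why a stolen access token is as good as a password until the server revokes it, and how a forced reset of the kind described above invalidates every outstanding token for an account, stolen or not, without the server needing to know which tokens leaked. The `TokenStore` class, its methods and the user names are assumptions made for this example.

```python
import hashlib
import secrets


class TokenStore:
    """Hypothetical server-side registry of bearer access tokens (example only).

    Tokens are stored hashed, so a dump of the store does not yield usable
    credentials. A per-user "reset point" on a logical clock invalidates every
    token issued before it, which is how a bulk reset like the one described in
    the article can cover millions of accounts without enumerating tokens.
    """

    def __init__(self):
        self._clock = 0        # logical clock ordering issue and reset events
        self._tokens = {}      # sha256(token) -> (user_id, issued_at)
        self._reset_at = {}    # user_id -> clock value of the last forced reset

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def _tick(self):
        self._clock += 1
        return self._clock

    def issue(self, user_id):
        """Create a fresh random bearer token for user_id and return it."""
        token = secrets.token_urlsafe(32)
        self._tokens[self._digest(token)] = (user_id, self._tick())
        return token

    def whoami(self, token):
        """Return the user a token authenticates, or None if it is unknown or reset.

        Note that nothing here can tell the legitimate user from an attacker:
        a bearer token is accepted purely on possession.
        """
        entry = self._tokens.get(self._digest(token))
        if entry is None:
            return None
        user_id, issued_at = entry
        if issued_at <= self._reset_at.get(user_id, 0):
            return None
        return user_id

    def reset_user(self, user_id):
        """Invalidate every token issued to user_id so far (forces a fresh login)."""
        self._reset_at[user_id] = self._tick()

    def reset_users(self, user_ids):
        """Bulk reset, e.g. affected accounts plus a precautionary set."""
        for user_id in user_ids:
            self.reset_user(user_id)


def demo():
    """Walk through theft, reset and re-login; returns the observed outcomes."""
    store = TokenStore()
    alice_token = store.issue("alice")   # constructed sample users
    bob_token = store.issue("bob")

    stolen = alice_token                 # attacker somehow obtains alice's token
    before_reset = store.whoami(stolen)  # attacker is accepted as alice

    # Server response: reset the compromised account and, as a precaution, bob too.
    store.reset_users(["alice", "bob"])
    after_reset = store.whoami(stolen)   # stolen token is now dead

    new_alice = store.issue("alice")     # alice logs in again and gets a fresh token
    return before_reset, after_reset, store.whoami(new_alice), store.whoami(bob_token)


if __name__ == "__main__":
    print(demo())
```

The point of the logical-clock reset is that the server never has to learn which tokens were stolen: everything issued to the account before the reset stops working, and the only tokens that remain valid are those obtained by logging in again afterwards.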
Dive Insight:
Facebook is still investigating the incident, but it does not yet know if the "accounts were misused or any information accessed," Rosen said. The company is also looking into who is responsible for the attack and whether more accounts were affected.
In the scheme of Facebook's expansive user base, the number of compromised accounts is relatively small. In the second quarter of 2018, Facebook recorded 2.2 billion users, according to Statista, so the incident affected about 2% of the platform's user base.
The issue, however, is the highly sensitive nature of the data hosted on the social network. Facebook holds personal details, connections and timelines of users of all different backgrounds. If combined with data from past breaches at other organizations, malicious actors could recreate full profiles on an individual, a perfect storm for identity theft.
Facebook has been on a campaign to regain users' and the public's trust following the Cambridge Analytica revelations earlier this year. There was also fallout within the company's executive leadership, culminating in the departure of former CISO Alex Stamos in August.
Last year, Stamos said he didn't feel like the social network had "caught up" with its security responsibility. Tech companies are quick to create an environment where engineers can customize and experiment, but that can create room for security shortcomings.
Facebook rolled out a number of security improvements this year, including efforts to double its security team by the end of 2018 and the launch of a data abuse bounty program.
Alongside broader efforts to increase privacy, the public has become more skeptical about how its data is used, moving past a more trusting mentality. As a result, organizations have to step up efforts to identify what counts as personal data and take measures to protect it, and more companies will have to engineer controls into their solutions and products.