Facebook

Facebook Discloses Hack Affecting 50 Million Accounts

The attackers stole Facebook access tokens, which keep you logged in so you don't have to enter your password every time you visit. In total, around 90 million people will have to log back in the next time they try to access the platform.
Facebook Discloses Hack Affecting 50 Million Accounts
Image credit: via PC Mag
2 min read
This story originally appeared on PCMag

Facebook on Friday disclosed a security breach affecting nearly 50 million accounts.

The social network discovered the breach on Tuesday and is still investigating the issue, Guy Rosen, VP of product management, wrote in the announcement.

The hackers exploited a vulnerability in Facebook's code impacting the "View As" feature, which lets you see what your profile looks like to the public or a specific individual. For now, Facebook is turning off the "View As" feature while it investigates the incident.

The attackers stole Facebook access tokens -- aka "digital keys that keep people logged in to Facebook so they don't need to re-enter their password every time they use the app," Rosen explained. With your access token, an attacker could take over your account and use it as if they were you.

The flaw that attackers exploited stemmed from a video-uploading feature change Facebook made in July 2017, but it did not elaborate.

Facebook has patched that bug, notified law enforcement about the breach, and reset the access tokens of all impacted accounts. As a precaution, Facebook is resetting the tokens for another 40 million accounts "that have been subject to a 'View As' look-up in the last year." The company said there's no evidence those other 40 million accounts have been compromised.

In total, around 90 million people will have to log back in the next time they try to access the platform. On a call with reporters Friday, Facebook executives said no actual passwords were taken, so a password reset is not necessary. No credit card information was affected, they added.

At this point, many questions remain: "Since we've only just started our investigation, we have yet to determine whether these accounts were misused or any information accessed," Rosen wrote. "We also don't know who's behind these attacks or where they're based."

More from Entrepreneur

Grow Your Business at Entrepreneur LIVE! Join us on Nov. 16 in Brooklyn, NY, to learn from legends like Danica Patrick and Maria Sharapova, pitch our editors, meet with investors, and potentially walk away with funding!
Register here

One-on-one online sessions with our experts can help you start a business, grow your business, build your brand, fundraise and more.
Book Your Session

In as little as seven months, the Entrepreneur Authors program will turn your ideas and expertise into a professionally presented book.
Apply Now

Latest on Entrepreneur

My Queue

There are no Videos in your queue.

Click on the Add to next to any video to save to your queue.

There are no Articles in your queue.

Click on the Add to next to any article to save to your queue.

There are no Podcasts in your queue.

Click on the Add to next to any podcast episode to save to your queue.

You're not following any authors.

Click the Follow button on any author page to keep up with the latest content from your favorite authors.