Facebook security breach: Up to 50m accounts attacked
Facebook says almost 50 million of its users were left exposed by a security flaw.
The company said attackers were able to exploit a vulnerability in a feature known as “View As” to gain control of people's accounts.
The breach was discovered on Tuesday, Facebook said, and it has informed police.
Users that had potentially been affected were prompted to re-log-in on Friday.
The flaw has been fixed, wrote the firm’s vice-president of product management, Guy Rosen, adding all affected accounts had been reset, as well as another 40 million "as a precautionary step".
Facebook - which saw its share price drop more than 3% on Friday - has more than two billion active monthly users.
The company has confirmed to reporters that the breach would allow hackers to log in to other accounts that use Facebook's system, of which there are many.
This means other major sites, such as AirBnB and Tinder, may also be affected.
Who has been affected?
The firm would not say where in the world the 50 million users are, but it has informed Irish data regulators, where Facebook's European subsidiary is based.
The company said the users prompted to log-in again did not have to change their passwords.
"Since we’ve only just started our investigation, we have yet to determine whether these accounts were misused or any information accessed. We also don’t know who’s behind these attacks or where they’re based. “
He added: "People’s privacy and security is incredibly important, and we’re sorry this happened."
The company has confirmed that Facebook founder Mark Zuckerberg and its chief operating officer Sheryl Sandberg were among the 50 million accounts affected.
What is 'View As'?
Facebook's "View As" function is a privacy feature that allows people to see what their own profile looks to other users, making it clear what information is viewable to their friends, friends of friends, or the public.
Attackers found multiple bugs in this feature that "allowed them to steal Facebook access tokens, which they could then use to take over people's accounts", Mr Rosen explained.
"Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don't need to re-enter their password every time they use the app," he added.
What does this mean for Facebook?
The breach comes at a time when the firm is struggling to convince lawmakers in the US and beyond, that it is capable of protecting user data.
Facebook founder Mark Zuckerberg said on a conference call on Friday that the firm took security seriously, in the face of what he said were constant attacks by bad actors.
But Jeff Pollard, vice-president and principal analyst at Forrester, said the fact Facebook held so much data meant it should be prepared for such attacks.
"Attackers go where the data is, and that has made Facebook an obvious target," he said. "The main concern here is that one feature of the platform allowed attackers to harvest the data of tens of millions of users.
"This indicates that Facebook needs to make limiting access to data a priority for users, APIs, and features."
Industry: Cyber Security News
- Senior Identity and Access Management Consultant (IDAM)
- €70,000 - €85,000
(Security Consultant, Technical Consultant, Consultant, IDAM, CyberArk, RSA, Cyber, Security, Germany) Location: Frankfurt *Candidates must be EU based (Germany preferred) as our client are unable to provide sponsorship* Senior Identity and Access Management consultant (IDAM) subject matter expert is needed to lead and drive technical and or business transformation projects in a client facing position for a prestigious consultancy in Frankfurt, Germany. A broad technical knowledge across Identity and access management is essential. Technical hands-on experience with one or more of the following Ping, Forgerock, Cyberark, RSA Aveksa is highly desirable. A successful individual will be client facing and MUST be able to effectively engage, consult and provide advice to complex client engagements. The position will give the Senior Identity and Access Management consultant the opportunity to work with top tier clients with the view of making a meaningful strategic difference. If you are passionate about your industry and specialise in the IDAM space and are looking for a new challenge to step up, apply today and speak with the Security team. Call DCL Search & Selection on 0208 663 4030 and find out about more of our cybersecurity jobs. Reference: TC7528 (Security Consultant, Technical Consultant, Consultant, IDAM, CyberArk, RSA, Cyber, Security, Germany)
- Business Development Manager (IoT Connectivity Solutions)
- Up to €120,000 plus bonus and benefits
Experienced Business Development Manager is required for an expanding Service Provider to sell/position their IOT connectivity solutions into the Manufacturing Sector within the German market. This is a great opportunity to join a key player within this space, who have a number of successful projects for you to reference, they have the skills and the network but now needs the key person to help take the message to market You need to have proven sales experience within the mobile cellular IOT connectivity space and ideally knowledge of the manufacturing sector, this is a true consultancy role, you will be comfortable working with other sales team within the business but also able to directly approach key customers yourself. Great opportunity to join an expanding business as they grow their German Presence Ref: RA7259 (IoT Sales Jobs, IoT Sales, IoT Sales Executive, IoT Business Development Manager)
- Services Manager (Telecommunications)
- Up to £75,000 plus benefits and bonus
Service Manager with telecommunications experience is required for a tier 1 service provider. You will be responsible for managing a number of key global account, acting as the voice of the customer within the business. Your key objectives will include: Responsibility for overall service relationship with the customer To enhance the customer experience To protect and grow customer revenues You will be working within a global business where you will be managing different services from different parts of the globe and therefore must be able to demonstrate where you have ideally worked within a similar environment. You will be a key member of the service management team responsible for a number of key accounts. You must have experience as a Service Manager from either a telecom/telecommunications or hosting business dealing with services to corporate accounts, you will need to have knowledge around telecom/telecommunications solutions. Ref: RA7255
- Infrastructure / Forensic Lab Manager
- Up to £40,000 Base
Infrastructure / Lab Manager needed to join a consulting business near London Bridge. MUST be commutable on a daily basis. The Infrastructure / Forensic Lab Manager will be responsible for the upkeep, performance, security/patching etc of the hardware/software used by the consultants across the UK business. Broad IT experience covering both on-prem - Cloud (Azure) environments, Hyper V, Security Information and Event Management tools (such as SPLUNK). Specific experience with Forensic / eDiscovery Labs (Relativity / Nuix) is highly desirable. The Infrastructure / Forensic Lab manager will be a key hire within the technical team being the escalation point for any internal IT issues. Experience liaising with remote/international stakeholder is essential. All details kept in the strictest of confidence. Apply today and or contact Chris.Holt@dclsearch.com *For this position candidates must be UK based and our client is unable to sponsor candidates outside of the EU* Ref: CH7533 (Forensics Jobs, Digital Forensics Jobs, Forensics Lab Manager)