Facebook has discovered a massive security breach affecting 50 million user accounts – including those of Facebook boss Mark Zuckerberg and COO Sheryl Sandberg.
The social media giant said attackers exploited the site’s ‘View As’ feature, which lets people see what their profiles look like to other users.
The unknown attackers took advantage of a feature in the code called ‘Access Tokens,’ to take over people’s accounts, potentially giving hackers access to private messages, photos and posts – although Facebook said there was no evidence that had been done.
The hackers also tried to harvest people’s private information, including name, sex and hometown, from Facebook’s systems.
Facebook said it doesn’t yet know if information from the affected accounts has been misused or accessed, and is working with the FBI to conduct further investigations.
However, Mark Zuckerberg assured users that passwords and credit card information was not accessed.
As a result of the breach, the firm logged roughly 90 million people out of their accounts earlier today as a security measure.
The attack marks the latest in a string of recent setbacks for Facebook, which is still recovering from the fallout over the Cambridge Analytica scandal earlier this year, which saw some 87 million users’ data shared with the research firm without their knowledge.
As a result, some experts and officials have grown concerned about whether the firm can effectively manage and protect users’ data.
‘The implications of this are huge,’ Justin Fier, director of cyber intelligence at security company Darktrace, told Reuters.
The breach could also cause problems for Facebook with European privacy laws.
Facebook said it hasinformed the Irish Data Protection Commission about the breach, a step required by Europe’s GDPR regulations.
The commission said it received the notification, but expressed concern with its timing and lack of detail.
Virginia Sen. Mark Warner called the hack ‘deeply concerning’ and called for a full investigation.
‘…Today’s disclosure is a reminder about the dangers posed when a small number of companies like Facebook or the credit bureau Equifax are able to accumulate so much personal data about individual Americans without adequate security measures.
‘This is another sobering indicator that Congress needs to step up and take action to protect the privacy and security of social media users. As I’ve said before – the era of the Wild West in social media is over,’ he added.
Not long after the breach was announced, some Twitter users also began reporting that Facebook was blocking them from sharing links to stories about the hack from the Associated Press and The Guardian.
When users attempted to share the links, they were served a message that read: ‘Our security systems have detected that a lot of people are posting the same content, which could mean that it’s spam. Please try a different post.’
The move caused some to speculate that it was a result of Facebook suppressing negative coverage of itself. However, Facebook later confirmed to the New York Times that it was a result of an error with the firm’s spam detection tools.
Friday’s announcement sent Facebook’s stock plunging by as much as 3.4 percent in afternoon trading, adding to an already rough year for Facebook shares, which have fallen 6.7 percent so far this year.
Click here to read more.
Source: Daily Mail