Facebook says nearly 50m users compromised in huge security breach

Nearly 50m Facebook accounts were compromised by an attack that gave hackers the ability to take over users’ accounts, Facebook revealed on Friday.

The breach was discovered by Facebook engineers on Tuesday 25 September, the company said, and patched on Thursday. Users whose accounts were affected will be notified by Facebook. Those users will be logged out of their accounts and required to log back in.

“I’m glad we found this and fixed the vulnerability,” Mark Zuckerberg said on a conference call with reporters on Friday morning. “But it definitely is an issue that this happened in the first place. I think this underscores the attacks that our community and our services face.”

The security breach is believed to be the largest in Facebook’s history and is particularly severe because the attackers stole “access tokens”, a kind of security key that allows users to stay logged into Facebook over multiple browsing sessions without entering their password every time. Possessing a token allows an attacker to take full control of the victim’s account, including logging into third-party applications that use Facebook Login.

The security breach comes at a time of significant strife for the social media company, which has faced mounting criticism over issues including foreign election interference, the flow of misinformation, hate speech, and data privacy.

Comments

Privacy Policy

Facebook says nearly 50m users compromised in huge security breach is dedicated to protecting consumer privacy on the Internet. Our practices are consistent with privacy guidelines established by eTrust.com.

Facebook says nearly 50m users compromised in huge security breach does not require any personal information to obtain access to our website.

Facebook says nearly 50m users compromised in huge security breach does require limited personal information including name and mailing address from individuals wishing to join as members. Additional information such as e-mail address and phone number may also be requested in order that we may contact members in a timely manner on issues related to our mission.

You will only receive e-mail from us if you request to be added to our e-mail list. You may revise or remove your e-mail address from our files at any time.

Facebook says nearly 50m users compromised in huge security breach uses "cookie" technology to obtain non-personal information from our online visitors, such as browser/computer type, number of visitors, and site usage. We do not use cookies to extract personal information.

Our website contains links to other sites, but Facebook says nearly 50m users compromised in huge security breach does not necessarily advocate, support or condone the privacy practices or content of these websites.

Facebook says nearly 50m users compromised in huge security breach makes all information received from our online visitors as secure as possible against unauthorized access and use. All information is protected by state-of-the-art security technology.

Facebook says nearly 50m users compromised in huge security breach respects the individual privacy rights and concerns of visitors to our website. We support meaningful self-regulation of the Internet to ensure that responsible organizations maintain the right to use all communications media to interact with the public.