Skip to main content

Facebook’s latest security breach leaves 50 million accounts compromised

Mark Zuckerberg speaking on stage
Justin Sullivan/Getty Images

Facebook announced that it had uncovered a new security flaw that allowed hackers to take control of as many as 50 million user accounts. The company is still in the early stages of investigating this latest security flaw and it announced that law enforcement has been notified.

“On the afternoon of Tuesday, September 25, our engineering team discovered a security issue affecting almost 50 million accounts,” the company said in a statement. “We’re taking this incredibly seriously and wanted to let everyone know what’s happened and the immediate action we’ve taken to protect people’s security.”

The flaw stems from the way access tokens are handled. Access tokens are digital keys that allows users to remain logged into their Facebook accounts without having to re-enter their passwords every time. However, due to the way Facebook’s code handles the “View As” feature, the company said that hackers may have improperly taken over people’s account. The View As feature allows Facebook users to view their profile as if they are browsing the network as someone else.

Facebook said that the bug has been patched, and to be cautious, it had reset the access tokens from 50 million user accounts. Additionally, it also reset the access tokens from another 40 million Facebook accounts that had accessed the View As feature within the last year. A total of 90 million people were forcibly logged out of their Facebook accounts as a precaution, the company said.

When users log back in, they will be greeted with a notification in their News Feed with details about the attack. Facebook said that it is temporarily turning off the View As feature while it investigates this incident.

“Since we’ve only just started our investigation, we have yet to determine whether these accounts were misused or any information accessed,” the company said. “We also don’t know who’s behind these attacks or where they’re based. We’re working hard to better understand these details.”

This is the latest security scandal to hit Facebook. The company was also involved in the Cambridge Analytica data scandal earlier in 2018. In that incident, the data of as many as 90 million users were affected.

Editors' Recommendations

Chuong Nguyen
Silicon Valley-based technology reporter and Giants baseball fan who splits his time between Northern California and Southern…
iPod hack puts 50 million Spotify songs in your pocket
ipod hack puts 50 million spotify songs in your pocket streaming device

When the iPod music player launched in 2001, Apple went with the slogan, “1,000 songs in your pocket.”

Skip forward 20 years and a brilliant bit of work by Massachusetts resident Guy Dupont puts 50 million songs in your pocket, streamable via Spotify.

Read more
Facebook expands its ban on QAnon conspiracy theory accounts
facebook hacked

Facebook has announced a blanket ban on QAnon accounts in a bid to drastically cut down on content supporting the radical conspiracy theory group.

The strict measures follow less rigorous action taken by Facebook against QAnon in August 2020.

Read more
Facebook says it has helped 2.5 million people register to vote
facebook voter registration 25 million nrp national voters day banner 1

Ahead of National Voter Registration Day tomorrow, Facebook says it is playing its part in getting people registered to vote in the 2020 presidential election.

Facebook announced it has helped 2.5 million people register to vote, and that it aims to get 4 million eligible voters registered. "It’s a promising start," the company announced Monday, "but we have more work to do."

Read more