A statue is seen in front of the Facebook logo in this picture, March 20, 2018. REUTERS/Dado Ruvic
Facebook said Friday it discovered a security breach that affects almost 50 million user accounts. The problem was found by the engineering team on Tuesday afternoon.
“We take this very seriously and wanted to let everyone know what happened and the immediate action we have taken to protect people from the security,” the company said in a statement.
“Our research is still in its early stages. But it is clear that the attackers abused a vulnerability in Facebook code of influence”‘, a function that people can see what their profile looks like to someone else. This allowed them to steal Facebook access tokens, which they can then use to take over the accounts of people. Access tokens are the equivalent of digital signatures that ensure people are logged in to Facebook, so that they do not need to re-enter their password each time they use the app.”
The company says that hackers made use of the “View As” function on the service. Facebook says it has taken steps to resolve the security problem and has alerted law enforcement.
If you are logged out of your account and asked to sign back in, it is because we have discovered that there is a security problem and have taken immediate measures to protect people on Facebook. More information: https://t.co/XLcHGYFBu2
— Facebook (@facebook) September 28, 2018
Menlo Park, Calif.-based Facebook said that it is taking three steps to ensure that users' accounts are safe: 1. resolving the vulnerability and informing law enforcement; 2. the reset of “the access token of the nearly 50 million accounts we know have been taken to protect their security”; 3. “To temporarily disable the ‘View’ function, while we conduct a thorough security review.”
In addition, the Mark Zuckerberg-led company said it is taking the precautionary measure of resetting the access tokens for a further 40 million accounts “subject to a ‘View As’ look-up in the last year,” bringing to 90 million the total number of accounts that must now sign in to the service again.
Zuckerberg also warned about the breach on his Facebook page.
On a conference call, Guy Rosen, VP of Product Management and the author of the aforementioned statement, said that the company is working with the FBI and that it will update law enforcement “when we learn about these interactions.” Facebook also said that it contacted the Irish Data Protection Commission about the breach.
I downloaded the new iOS, and I was booted from all my FB apps (logging in again), but none of my other apps. Anyone else have this experience?
— Jessica Lessin (@Jessicalessin) September 28, 2018
Yes. And I have not yet downloaded iOS-12 and
— Chris Ciaccia (@Chris_Ciaccia) September 28, 2018
No passwords or credit card details were taken, Rosen said. The data that can be taken is information that can be found using the “default profile back to find API,” which includes data such as gender, name, or place of residence, he said.
Zuckerberg followed that by saying that the company is “taking it really seriously,” but that he is “glad that we found and we are able to secure accounts.”
Rosen would not confirm whether the breach was state-backed, but added that the hackers have a certain level in order for an attacker to not only access but to turn on the access tokens.
Several Facebook users (including the author of this story) noticed the strange occurrence this morning and posted on social media wondering what happened.
Matt Schulz, Head of Industry Analyst at CompareCards, said that the breach is still a reminder to keep accounts safe.
“This fraction can still be a wake-up call for people to take their online safety seriously,” Schulz said in comments obtained by Fox News. “We think that there is nothing of the visit of Facebook and Instagram 10 times a day, but we feel like we don’t have enough time to make fundamental safety steps for our online identity.”
The news comes just days after a hacker said that he was going to remove Zuckerberg’s Facebook page on Sunday.
Noted Taiwanese hacker Chang Chi-yuan promised to remove Zuckerberg’s account, telling his 26,000 followers that the event would be livestreamed on Facebook Live, according to The Verge.
Chang said that the event would take place on Sunday at 6 PM local time or 6 PM EST/ 3 PM PST.
Facebook has suffered two data breaches in recent history, including the Cambridge Analytica scandal, in which 87 million accounts were hacked.
The Cambridge Analytica scandal caused Zuckerberg to appear before Congress and led to a decline in confidence in the company among its users, which eventually led Zuckerberg to apologize.
Fox News’ Gillian Turner and the Associated Press contributed to this report. Follow Chris Ciaccia on Twitter @Chris_Ciaccia