50 Million Facebook Accounts Hacked

At the beginning of this month, Facebook announced that as many as 50 million user accounts had been compromised by hackers who took advantage of a vulnerability in the “View As” functionality (which lets you see how your profile would look to somebody else) to steal Facebook access tokens, allowing them to take over other accounts.

These tokens are the equivalent of a digital key. The company has assured users that the vulnerability has been fixed and that the authorities have been notified about the breach.

Tokens Reset

According to Facebook, it has reset the access tokens for the 50 million accounts that were compromised, as well as for an additional 40 million accounts that have experienced a “View As” look-up in the past year.

It will not be necessary to change passwords (passwords themselves weren’t compromised), but any apps that access Facebook, and any users that were logged in at the time of reset, will be logged out, and will have to re-enter access details to gain access to the platform.

The “View As” functionality has also been temporarily disabled.

Importance of Privacy

In their statement, Facebook reiterated how important people’s privacy (from other users…) is to the company, and apologised for the vulnerability, which was created by changes to their video uploading feature in 2017.

They reminded users that the “Security and Login” section of their settings would show all locations and apps that were currently logged into the account, and provided a one-click option to close all active logins.

Other Platforms Affected

A week later, Facebook also admitted that platforms and services which allow users to log in with their Facebook accounts, such as Instagram (already owned by Facebook), Tinder, Airbnb and Spotify, may also have been affected.

As far as we know, there is no evidence that this actually happened, and Facebook’s remedial action will have automatically secured these accounts, as the old tokens are no longer valid. But the fact remains that Facebook’s drive to become “the one true login” may have deeper implications than we realised.