Facebook announced on Friday that an attack on their network left the personal information for nearly 50 million users exposed. The breach was discovered during the week, and it was found that the hackers exploited a part of Facebook’s code that then allowed them to take over accounts.
The Security Breach.
The company says attackers exploited a vulnerability within the “View As” feature, a setting that lets users see what their profile looks like to other users. According to Facebook’s announcement, the attackers were able to steal Facebook access tokens from code attached to the “View As” feature, and leverage the tokens to take over user accounts. (Access tokens are the digital keys that allow users to remain logged in without having to enter their password every time they access their account.)
Facebook says it does not know how much damage has been done as it just started the investigation. It is unaware if the hacked accounts have been misused or if any information was accessed. Furthermore, it does not know who was behind the attacks or where they were based.
Facebook says it has fixed the vulnerability and is temporarily turning off the “View As” feature while it conducts a security review. The company says users who have been logged out will see a notification at the top of their News Feed explaining what happened when they log back in.
A continuing pattern.
Facebook’s security issues are an ongoing dilemma. In addition to its own lax for its role in the Cambridge Analytica crisis, the company has had to announce multiple security breaches this year. In June, the company apologized for a bug that accidentally set 14 million users privacy status to the public without their knowledge. In September, it reported a glitch in the system that allowed users with both an app and Facebook Ads account to access Facebook Analytics data of other apps.
Today’s security breach is different as it was an outside force attacking millions of user accounts. This is more in line with the attacks Facebook, Twitter and Google reported in August. Facebook’s latest security breach is bad because it tells a story of hackers finding a way into Facebook’s system to hack user accounts and, potentially, use stolen accounts for malicious behavior.
Why Facebook should care.
Facebook’s constant battle to safeguard its platform is likely to take a toll on its users, users who it needs to do target advertisements. But how effective will the advertising be if the people being targeted continue to lose trust in the platform?