The latest Facebook breach, what do we know?

4.02.19

Last Friday (September 28th) Facebook announced that they had suffered an attack and over 50 Million users were at risk.

So how serious was this latest breach?

What we know…
• The vulnerability had to do with users ‘view as’ feature.
• 50 Million Facebook users fell victim.
• Facebook logged 90 Million users out as a precaution.
• Hackers were able to see everything in a user’s profile, although we are unclear if this included private messages.
• Third-party sites users logged into Facebook on were also compromised.

How did it happen?
Hackers used a sophisticated method to steal users’ information. The hackers accessed Facebook accounts by exploiting code connected to the social networks ‘view as’ feature, by doing this it allowed them to steal “access tokens”. These tokens are what allowed the hackers to access Facebook users accounts. Although these tokens are not passwords, it still gave the hackers access to login to accounts with no need of a password. Account passwords were not accessed directly however, you should always change your password regularly or after a breach to stay safe online.

Facebook later went on to announce that this breach had also affected third-party apps that users have linked to their Facebook including Instagram.
To be cautious the social networking site logged around 90 Million of its users out of their accounts. If you found your account to be logged out this weekend we advise you change your passwords to Facebook and any connecting sites.

What are access tokens?
Access tokens are something you get when you first set up an account on a computer system. These tokens keep a hold of your security credentials the first time you ever set up a login with an account. One purpose of these tokens is so you can stay logged in to accounts that you use frequently such as Facebook. These tokens hold information including the identity and privileges the user account holds.

Related Articles

What Should a Disaster Recovery Plan Contain?

First consider of this: what are the consequences of NOT having a disaster recovery plan to protect your technology and your digital assets. Without a disaster recovery plan, you run the risk of losing records permanently. Data is central to so many businesses that...

Whether you’re a small business or a large enterprise we can offer solutions for all of your Manchester IT support needs. Our dedicated and lovely workforce are always at hand to complete tasks and answer queries that will help your business tech soar! For expert IT Support in Manchester, give us a call today.

Support: 0161 452 3233
Sales: 0161 826 2220
Mail: hello@everythingtech.co.uk

Receive IT advice & insights from our team

If you would like Everything Tech to send you emails about latest IT advice and insights, sign up to our email newsletter here. (We protect your data, read our Privacy Policy for more info).

© 2019 Everything Tech Limited, 1 St Peter’s Square, Manchester, M2 3DE.