Changes underway at Facebook.

Changes underway at Facebook.

50 million Facebook accounts affected by security breach

Social media giant says it has taken steps to fix the security problem and alerted law enforcement

Facebook says it recently discovered a security breach affecting nearly 50 million user accounts.

The hack is the latest setback for Facebook during a year of tumult for the global social media service.

In a blog post , the company says hackers exploited a bug that affected its “View As” feature, which lets people see what their profiles look like to someone else. That would let attackers steal the “access tokens” Facebook uses to keep people logged in. Possession of those tokens would allow attackers to “seize control” of user accounts, Facebook said.

Facebook says it has taken steps to fix the security problem and alerted law enforcement.

To deal with the issue, Facebook reset some logins, so 90 million people have been logged out and will have to log in again. That includes anyone who has been subject to a “View As” lookup in the past year.

Facebook says it doesn’t know who is behind the attacks or where they’re based. In a call with reporters on Friday, CEO Mark Zuckerberg said that the company doesn’t know yet if any of the accounts that were hacked were misused.

Jake Williams, a security expert at Rendition Infosec, said the stolen access tokens would have likely allowed attackers to view private posts and probably post status updates or shared posts as the compromised user, but wouldn’t affect passwords.

“The bigger concern (and something we don’t know yet) is whether third party applications were impacted,” Williams said in a text exchange. “Facebook offers a login service for third parties to allow users to log into their apps using Facebook. In other words, Facebook is providing the identity management for countless other sites and services. These access tokens that were stolen show when a user is logged into Facebook and that may be enough to access a user’s account on a third party site.

News broke early this year that data analytics firm that once worked for the Trump campaign, Cambridge Analytica, had gained access to personal data from millions of user profiles. Then a congressional investigation found that agents from Russia and other countries have been posting fake political ads since at least 2016. Facebook CEO Mark Zuckerberg appeared at a Congressional hearing over Facebook’s privacy policies in April.

Facebook has more than 2 billion users worldwide. The company said people do not need to change their Facebook passwords, but anyone having trouble logging on should visit the site’s help centre . Those who want to log out can visit the “Security and Login” section of their settings, which lists the places that people are logged into Facebook. It has a one-click option of logging out of all locations.

Ed Mierzwinski, the senior director of consumer advocacy group U.S. PIRG, said the breach was “very troubling.”

“It’s yet another warning that Congress must not enact any national data security or data breach legislation that weakens current state privacy laws, preempts the rights of states to pass new laws that protect their consumers better, or denies their attorneys general rights to investigate violations of or enforce those laws,” he said in a statement.

Wedbush analyst Michael Pachter said “the most important point is that we found out from them,” meaning Facebook, as opposed to a third party.

“As a user, I want Facebook to proactively protect my data and let me know when it’s compromised,” he said. “Shareholders should ultimately approve of Facebook’s handling of the issue.”

Related: Facebook uncovers new global misinformation operations

Related: B.C. firm linked to Facebook data scandal defends its political work

The Associated Press

Like us on Facebook and follow us on Twitter.

Get local stories you won't find anywhere else right to your inbox.
Sign up here

Just Posted

(Phil McLachlan - Capital News)
Kelowna fire crews quickly knock down blaze inside home

The fire was reported around 9:30 p.m. inside a suite attached large home

(Phil McLachlan - Capital News file)
Update: Glenmore Rd reopens after ‘serious’ high-speed collision

Collision occured at 2910 Glenmore Road North, at approx. 2:30 p.m.

COVID-19. (Image courtesy CDC)
47 new COVID-19 cases in Interior Health region

1,538 total cases, 399 are active, ten in hospital

Cantina closed due to COVID. Instagram.
Cantina Kelowna closes due to COVID-19 case

The restaurant will be closed until Dec. 10

(Google Maps)
Update: COVID-19 case confirmed at CNB Middle School

Two exposures at Kelowna schools have been confirmed today, Nov. 27

A woman wears a protective face covering to help prevent the spread of COVID-19 as she walks along the seawall in North Vancouver Wednesday, November 25, 2020.THE CANADIAN PRESS/Jonathan Hayward
911 new COVID-19 cases, 11 deaths as B.C. sees deadliest week since pandemic began

Hospitalizations reach more than 300 across the province

Black Press Media and BraveFace have come together to support children facing life-threatening conditions. Net proceeds from these washable, reusable, three-layer masks go to Make-A-Wish Foundation BC & Yukon.
Put on a BraveFace: Help make children’s wishes come true

Black Press Media, BraveFace host mask fundraiser for Make-A-Wish Foundation

Summerland residents have been receiving a telephone scam with the number showing as the telephone number of the local RCMP detachment. (Black Press Media files)
Summerland RCMP telephone number spoofed in scam calls

Number used in scam attempts from tax agency

(Village of Lumby photo)
Mysterious, loud ‘boom’ shakes North Okanagan residents

Village staff, Earthquakes Canada aren’t sure what caused the explosion-like sound

Clarence Fulton students collect cash and non-perishable food donations for families in need in their community Friday, Nov. 27. (Jennifer Smith  - Morning Star)
North Okanagan students collect food for families in need

Annual event to support nine school families this year

Cannabis bought in British Columbia (Ashley Wadhwani/Black Press Media)
Is it time to start thinking about greener ways to package cannabis?

Packaging suppliers are still figuring eco-friendly and affordable packaging options that fit the mandates of Cannabis Regulations

Take a break from the slopes to discover the rich culture and diversity of Vernon. Michelle Beaudry photo, courtesy Tourism Vernon.
Tourism Vernon could see 40% cut to budget due to COVID-19

New approach to help residents and visitors activate their adventures

Follow public health recommendations, says Interior Health as COVID-19 cases continue to climb in Revelstoke. (Image courtesy CDC)
Revelstoke positive COVID cases grows to 29

Interior Health announced a cluster in the community on Nov. 26

Screenshot of Pastor James Butler giving a sermon at Free Grace Baptist Church in Chilliwack on Nov. 22, 2020. The church has decided to continue in-person services despite a public health order banning worship services that was issued on Nov. 19, 2020. (YouTube)
2 Lower Mainland churches continue in-person services despite public health orders

Pastors say faith groups are unfairly targeted and that charter rights protect their decisions

Most Read