Facebook announced today that more than 50 million accounts were affected by a data breach, the largest in the company's 14-year history. Attackers exploited a vulnerability in Facebook's code to steal access tokens, the credentials that keep users logged in, and could have used them to take control of the affected accounts.
Because those tokens also back Facebook Login, the attackers could in principle have reached other apps that users sign in to with their Facebook account, such as Spotify, Tinder and Facebook's own Instagram.
Here are some things that you need to know about the recent Facebook hack.
What really happened?
Guy Rosen, Facebook's Vice President of Product Management, said that attackers exploited a combination of bugs in the code behind its "View As" feature, allowing them to steal access tokens that could be used to hijack accounts. "View As" lets a user preview how their profile appears to another specific person. Because it is only a preview, it should never issue any credentials at all.
The vulnerability was introduced with a new video uploader in July 2017. First, the uploader was incorrectly shown on the "View As" page, where it should not have appeared. Second, the uploader generated an access token with the broad permissions of the Facebook mobile app, rather than a narrowly scoped one. Third, when it appeared inside "View As", the token it generated was for the user being looked up, not for the viewer who was actually logged in.
That token was then embedded in the HTML of the profile page served to the viewer. Anyone looking up a profile could extract the access token from the page source and use it to act as the target account, without knowing the target's password. The attackers automated this, moving from one account to its friends and their friends to collect tokens at scale.
What steps were taken to secure the accounts?
Facebook has patched the vulnerability, temporarily disabled the "View As" feature, and reset the access tokens of the almost 50 million accounts it believes were affected by the attack. As a precaution, the company also reset the access tokens of another 40 million accounts that had been subject to a "View As" look-up in the past year. Because a token, not a password, is what keeps a session alive, invalidating every outstanding token is what actually cuts off an attacker who has already stolen one.
Users whose access tokens were reset have been logged out of their accounts, on every device. When they log back in, they see a notification at the top of their News Feed explaining what happened.
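The following is an added, simplified model of the two things described above: the "View As" bug (a token minted for the wrong principal and leaked in the page HTML) next to a hardened version, and the token reset Facebook used as remediation, implemented as a per-user generation counter that every token must match. This is illustrative code written for this article, not Facebook's code; the HMAC token format, the `mobile_app` scope name, the page template and the user names are all assumptions.

```python
"""Model of the "View As" access-token bug and the token-reset remediation.

Added illustration, not Facebook's code. The HMAC token format, scope names,
page template and the users "alice"/"bob" are assumptions for this example.
"""
import hashlib
import hmac
import re

SERVER_KEY = b"example-signing-key"  # assumed; a real service uses a managed secret

# Assumed server-side state: each user's current token generation.
# Bumping a user's generation invalidates every token minted before the bump.
TOKEN_GENERATION = {"alice": 1, "bob": 1}


def mint_token(subject, scope):
    """Mint a signed bearer token: '<subject>:<scope>:<generation>:<mac>'."""
    payload = f"{subject}:{scope}:{TOKEN_GENERATION[subject]}"
    mac = hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}:{mac}"


def mint_token_for_session(session_user, subject, scope):
    """Hardened minting path: a token may only ever be issued for the
    principal who is actually authenticated in this session."""
    if subject != session_user:
        raise PermissionError(f"{session_user} may not mint a token for {subject}")
    return mint_token(subject, scope)


def verify_token(token):
    """Return (subject, scope) for a valid, current token; None otherwise."""
    try:
        subject, scope, gen, mac = token.split(":")
    except ValueError:
        return None
    payload = f"{subject}:{scope}:{gen}"
    expected = hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):
        return None  # forged or tampered
    if int(gen) != TOKEN_GENERATION.get(subject):
        return None  # minted before a reset: the session no longer exists
    return subject, scope


def render_view_as_vulnerable(viewer, target):
    """The bug pattern from the article: an uploader widget that should not be
    on a read-only preview embeds a token minted for the profile being looked
    up (target), with the broad scope of the mobile app."""
    token = mint_token(target, "mobile_app")  # wrong subject, over-broad scope
    return (f"<html><body><h1>{target}'s profile as seen by {viewer}</h1>"
            f"<div id='uploader' data-access-token='{token}'></div></body></html>")


def render_view_as_fixed(viewer, target):
    """Hardened version: the preview is read-only and embeds no token at all."""
    return f"<html><body><h1>{target}'s profile as seen by {viewer}</h1></body></html>"


def harvest_token(html):
    """What an attacker does with the vulnerable page: scrape the token out."""
    m = re.search(r"data-access-token='([^']+)'", html)
    return m.group(1) if m else None


def api_whoami(token):
    """Simulated API endpoint: returns the identity the bearer token grants."""
    result = verify_token(token)
    return None if result is None else result[0]


def reset_tokens(user):
    """Remediation from the article: invalidate every token the user holds."""
    TOKEN_GENERATION[user] += 1


def demo_attack():
    """alice looks up bob, scrapes bob's token and now acts as bob."""
    stolen = harvest_token(render_view_as_vulnerable(viewer="alice", target="bob"))
    return api_whoami(stolen)  # "bob"


def demo_after_reset():
    """Same theft, but bob's tokens are reset before the attacker uses it."""
    stolen = harvest_token(render_view_as_vulnerable(viewer="alice", target="bob"))
    reset_tokens("bob")
    return api_whoami(stolen)  # None: the stolen token is dead


if __name__ == "__main__":
    print("attacker acts as:", demo_attack())
    print("after reset:", demo_after_reset())
```

Two design points carry over to real systems: the minting path should refuse to issue a token for any subject other than the authenticated session's user (the check in `mint_token_for_session`), and tokens should carry something the server can invalidate in bulk, here a generation counter, so that a reset is a single write rather than a hunt for every outstanding token.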
What data were stolen by the hackers?
Facebook CEO Mark Zuckerberg said that there is currently no evidence that the affected accounts were misused or that private information was accessed, although that could change as the investigation proceeds. Facebook only began its investigation recently, so it has yet to determine what information, if any, the attackers viewed or whether the stolen tokens were used against the accounts.
When did this attack happen?
Although the vulnerability was introduced in July 2017, Facebook did not find it until September 2018: the company noticed an unusual spike in activity on September 16 and, after investigating, determined on September 25 that the spike was an attack exploiting the "View As" bug. Because the bug sat unnoticed for more than a year, it is possible that it was exploited well before the spike that exposed it.
Who is responsible for the attack?
Facebook said that it does not yet know who perpetrated the attack. The company has reported the breach to the FBI; attribution for an incident of this magnitude can take months or even years, if it is ever established at all.
How many Filipino Facebook users were affected?
Since the investigation is still in its early stages, it is not yet known how many Facebook users from the Philippines were affected.
Do I need to change my password?
According to Rosen, there is no need to change your Facebook password. The stolen access tokens are session credentials, not passwords, and they were not derived from passwords, so it is highly unlikely that any password was exposed; resetting the tokens is what revoked the attackers' access. Users who want an extra measure of safety can log out of every active session through the "Security and Login" section of their settings, which invalidates any token that might still be in circulation for their account.
Does this affect apps linked to my Facebook account?
Facebook said that it could not yet determine whether the attackers used the stolen tokens to reach apps that rely on Facebook Login, including Facebook-owned Instagram. Since a stolen token was revoked along with the rest when Facebook reset it, any linked app should no longer be reachable with it, but as a precaution users are advised to unlink and relink such apps to their Facebook accounts; Instagram users in particular will need to do so to restore the connection.
Sources: Facebook Newsroom, Engadget, TechCrunch