Facebook security breach puts millions of users at risk

Global social media giant Facebook is at the centre of yet another storm, this time a Facebook security issue resulting from a cyber attack affecting 50 million accounts. This biggest-ever Facebook security breach in the social network’s history comes at an unfortunate time, as Facebook is still working to regain the trust of its more than 2 billion users following the Cambridge Analytica data privacy scandal it suffered earlier this year.

Since the security breach was discovered, Facebook has alerted law enforcement agencies to the attack and is continuing its own investigation into what has happened. In addition to patching the security vulnerability, Facebook has also implemented a number of precautionary measures to protect the security of its users, as outlined below.

How the Facebook security breach affected users

After noticing “unusual traffic” on its systems in mid-September, Facebook’s engineering team uncovered the security breach a few days ago. This unprecedented breach in Facebook security enabled an attacker to gain access to the accounts of 50 million Facebook users, and possibly tens of millions more.

What caused the Facebook security breach?

This attack took advantage of a flaw in the code for Facebook’s “View As” feature, which is a privacy tool that lets people see what their own Facebook profile looks like to other people. By taking advantage of the bugs in Facebook’s code connected to this “View As” feature, the attacker was able to steal ‘access tokens’ from 50 million Facebook accounts.

Access tokens are the equivalent of digital keys that enable people to remain logged into Facebook, so they don’t need to re-enter their password every time they use the app. Once in possession of the access tokens, the attackers would have had full access to the 50 million Facebook accounts in question, letting them see everything in those accounts.

What caused the Facebook security breach?

The latest attack on Facebook security took advantage of a flaw that was introduced into Facebook code in July 2017 when Facebook made a change to their video uploading feature, which, in turn, had an impact on Facebook’s “View As” feature.

What’s Facebook doing to protect its users?

In addition to alerting law enforcement agencies to the security breach, immediately patching the security vulnerability and implementing a review of its security, Facebook has also:

  • Reset or invalidated the access tokens for the 50 million affected user accounts.
  • Reset or invalidated the access tokens of another 40 million users who used the “View As” feature since the vulnerability was introduced a year ago.
  • Temporarily turned off the “View As” feature as an additional precautionary measure while it continues its security review.

Resetting or invalidating the access tokens of these 90 million accounts has caused them to be logged out. The account holders will have to log back in again in order to access their Facebook accounts. When they do log back in, they will see a message at the top of their News Feed telling them what has happened.

Facebook’s investigation of the breach is still in its early stages and the company is yet to determine whether the attackers have accessed any information in the affected accounts. Facebook is also assuring its users that if it finds any more accounts affected by the security breach, it will immediately reset the access tokens for these accounts too.

Looking after your own Facebook security

While Facebook says there’s no need for users to change passwords at this stage, it suggests that users who want to take the precautionary step of logging out of their Facebook accounts go to the “Security and Login” section in “Settings”, which has a one-click option to log out of all places where they are logged into Facebook.

Facebook security precaution tips

There are a number of Facebook security steps you can take. These are potentially applicable to many of your social media marketing tools.

  1. Use a long, cryptic password with a high degree of difficulty.
  2. Set up 2-factor authentication.
  3. Set up alerts for unrecognized logins. To do this, go to Settings > Security and Login to review.

This is also a good time to double-check which apps or tools may have access to your Facebook account.

Want to know more about using Facebook for your business?

Would you like to have an informed discussion about Facebook and how to use it, and other social media platforms, securely to advance the online profile of your business? Then simply get in touch with the team at Net Branding. Our SEO, social media, Google ads and digital marketing specialists will be able to talk you through the options and what’s best for the specific needs of your business.