50 million Facebook users may have had their security breached 2 years ago

50 million Facebook users may have had their security breached

Attackers have exploited a feature in Facebook’s code that allowed them to take over user accounts.

Facebook, the most popular social network in the world has suffered a security breach that has affected up to 50 million users.


The attack exploited a change made to Facebook's video uploading feature in July 2017, which impacted the "view as" function on the social networking site.

The attackers found the vulnerability and used it to get an access token; they then had to pivot from that account to others to steal more tokens.

Facebook have assured users that the 50 million people affected have had their tokens reset.

They said that because their investigation is still in the early stages, it is difficult to determine whether the accounts were misused or whether any information was accessed.

Facebook also don't yet know who is behind the attacks, but have assured users that they are working hard to try and understand what happened.

Guy Rosen, Vice President of Facebook's product management released an official statement on Friday explaining the situation, saying: "Our investigation is still in its early stages. But it’s clear that attackers exploited a vulnerability in Facebook’s code that impacted “View As”, a feature that lets people see what their own profile looks like to someone else.

"This allowed them to steal Facebook access tokens which they could then use to take over people’s accounts. Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app."


You can read the official statement in full here.