Facebook has admitted having a “security issue” with nearly 50 million accounts which had their “access tokens” compromised. The social media giant has reset tokens for another 40 million accounts as a “precaution.”
The issue affected nearly 50 million accounts, which would require users to re-enter their passwords. The security issue was discovered by the company’s engineers on Tuesday. Hackers have been apparently able to fetch the so-called “access tokens” – digital keys, which allow a user to stay logged into Facebook and to not re-enter their passwords each time they use the application.
BREAKING: Facebook admits security breach affected 50million accounts – attackers stole Facebook access tokens that they "could then use to take over people's accounts" pic.twitter.com/KCWSkzbk2G
— Sean Keach (@SeanKeach) September 28, 2018
“This attack exploited the complex interaction of multiple issues in our code. It stemmed from a change we made to our video uploading feature in July 2017, which impacted “View As.” The attackers not only needed to find this vulnerability and use it to get an access token, they then had to pivot from that account to others to steal more tokens,” Facebook stated.
— Olivia Solon (@oliviasolon) September 28, 2018
2/ RosenWhat does it mean for the 50 million to be affected? "For almost 50 million accounts we've seen the access coins were taken."
— Sara Fischer (@sarafischer) September 28, 2018
4/ Zuck"We're taking it really seriously. We have a major security effort at the company that hardens all our services and investigates issues like this. In this case, I'm glad that we found this and we're able to the secure accounts."
— Sara Fischer (@sarafischer) September 28, 2018
5/ Zuck"Definitely is an issue that happened in first place. I think it underscores the attacks community and our service face."
— Sara Fischer (@sarafischer) September 28, 2018