Facebook hit by most significant data breach in its history

Wednesday, 3 October, 2018

Another week and another crisis for Facebook. Last Friday the social media giant announced it had been hit by a breach in which the data of 50 million users was stolen. This led to Facebook resetting the access tokens for almost 90 million users. This would make it the largest data breach in Facebook’s history to date.

It transpired that the hackers were able to exploit a vulnerability in the site’s ‘View As’ feature, which allowed them to steal users’ access tokens.

Our investigation is still in the early stages. But it’s clear that attackers exploited a vulnerability in Facebook’s code that impacted the ‘View As’ feature that lets people see what their own profile looks like to someone else.

This allowed them to steal Facebook access tokens which they could then use to take over people’s accounts. Access tokens are the equivalent of digital keys that keep people logged-in to Facebook, so they don’t need to re-enter their password every time they use the app.

- Press statement: Facebook Inc

Facebook said it spotted the attack on 18th September, when it saw a massive spike in traffic on its servers as the hackers harvested access tokens. But it took nine days before the company was able to determine that an actual security breach had occurred.

Facebook has now temporarily disabled its ‘View As’ feature until it has completed a ‘thorough security review.’

It was later announced that the accounts of both Mark Zuckerberg and Facebook’s chief operating officer, Sheryl Sandberg, were included in the breach.

This huge security breach followed the discovery last week that Facebook was allowing advertisers to target individuals by exploiting phone numbers that users had given only to validate two-factor authentication (2FA).

This meant that even if you had set your Facebook privacy controls to their most restrictive settings, advertisers could still target you because you had enabled 2FA, precisely to protect your account from unwanted attention.

These latest crises, on top of the ongoing row over fake news, have led many to reconsider their relationship with Facebook. Facebook has two billion daily users worldwide but is losing membership amongst the young.

According to eMarketer, Facebook will lose 700,000 young UK users over the year, and in the US 2.1 million under-25-year-olds will leave Facebook by the end of the year. Primarily this has been a matter of perceived coolness, with the likes of Snapchat being seen more positively by the young.

But undoubtedly the continued exposure of Facebook’s strategies towards advertisers, its ongoing vulnerabilities and the political exploitation of the platform by outside influences have led many to question their Facebook future.

Tim Bamford


Tim is a veteran freelance journalist writing extensively on internet news and cybersecurity.