Facebook Breach

Facebook has had a hard year, and it just got worse. The company announced that it was compromised, and 50 million users were affected. The company discovered the breach on Tuesday, and reported it three days later.

While 50 million users may seem like relatively minor news given the total number of Facebook users out there, it’s roughly the equivalent of the entire population of the west coast of the United States. 

All Facebook users should take responsive action

When Facebook announced the breach, it was still investigating the situation. The company’s response to the hack affected an additional 40 million users. This should send a message to all Facebook users that they should remain vigilant in the coming days and weeks.

What happened

This latest breach was caused by an upgrade.

According to Facebook, “attackers exploited a vulnerability in Facebook’s code that impacted “View As”, a feature that lets people see what their own profile looks like to someone else. This allowed them to steal Facebook access tokens which they could then use to take over people’s accounts.” According to Facebook’s blog, the attack exploited a complex interaction of multiple issues in the social media site’s code that stemmed from a change made to a video uploading feature in July 2017.

The takeaway is simple. Any changes made to networks, software and other systems must be immediately and continually tested and monitored for vulnerabilities that may have been caused in the process. Every company no matter its size needs an effective vulnerability management program rather than the “patch and pray” approach to cybersecurity. Just because you are secure at 9:01 does not mean that will still be the case at 9:02. 

Given the relatively small number of users affected, this could be described as optics issue, but it’s a wake-up call: No matter how good your security is, hackers will find a way in. 

What Facebook Has Done:

Facebook has addressed the vulnerability, and deactivated the feature that was exploited by the hackers until further notice in order to thoroughly review the issue. 90 million Facebook have been logged off as a precautionary measure, because the compromise affected a security feature called “access tokens,” which identify user devices and streamline access to the site for users. They have also provided a blog post about the issue, which can be viewed here.

What You Need to Know:

The investigation is still underway. They should not be alarmed if they find that Facebook has automatically logged them out. The site did this as a precaution, once they learned that user access tokens were vulnerable. The hack seemed to be geared toward account takeover, but Facebook did not indicate any accounts had been taken over at the time of the report.

What You Can Do:

  • Log on to your Facebook account. You may have been logged out. If you are, don’t panic. Users were logged off by Facebook as a precautionary measure given the nature of the attack.
  • Make sure nothing has been altered on your Facebook account. Check your timeline, your outgoing messages, and recent activity.
  • Whether or not you have been logged out by Facebook, it is imperative that you create a new password for your Facebook account.
  • Activate two-factor authentication

There are no givens in today’s landscape of pervasive cyber insecurity. The best plan is to be prepared, stay up to date, always assume the worst will happen, and act when it does.