Facebook has reported a major security breach in which 50 million user accounts were accessed by unknown attackers.
The attackers gained the ability to “seize control” of those accounts by stealing digital keys the company uses to keep people logged in, Facebook said.
Facebook has logged out owners of the 50 million affected accounts — plus another 40 million who were vulnerable to the attack.
Photo: EPA
Users do not need to change their Facebook passwords, it said.
Facebook said it does not know who was behind the attacks or where they are based.
In a call with reporters on Friday, cofounder Mark Zuckerberg said that attackers would have had the ability to view private messages or post on someone’s account, but there is no sign that they did.
“We do not yet know if any of the accounts were actually misused,” Zuckerberg said.
The hack is the latest setback for Facebook during a tumultuous year of security problems and privacy issues. So far, though, none of that has significantly shaken the confidence of the company’s 2 billion global users.
The latest attack involved bugs in Facebook’s “View As” feature, which lets people see how their profiles appear to others.
The attackers used that vulnerability to steal the digital keys, known as “access tokens,” from the accounts of people whose profiles were plugged into the “View As” feature — and then moved along from one user’s Facebook friend to another.
Possession of those tokens would allow attackers to control those accounts.
One of the bugs was more than a year old and affected how the “View As” feature interacted with Facebook’s video uploading feature for posting “happy birthday” messages, vice president of product management Guy Rosen said.
However, it was not until the middle of this month that Facebook noticed an uptick in unusual activity, and not until this week that it learned of the attack, Rosen said.
“We haven’t yet been able to determine if there was specific targeting” of particular accounts, Rosen said in a call with reporters. “It does seem broad. And we don’t yet know who was behind these attacks and where they might be based.”
Neither passwords nor credit card data were stolen, Rosen said.
He said the company has alerted the FBI and regulators in the US and Europe.
Facebook late on Friday said that third-party apps, including its own Instagram app, could have been affected.
“The vulnerability was on Facebook, but these access tokens enabled someone to use the account as if they were the account-holder themselves,” Rosen said.
The company was on Friday sued by users of the social network.
The class-action complaint was filed in federal court in Northern California within hours of Facebook’s statement saying it had fixed the breach.
It might be too early to know how sophisticated the attackers were and if they were connected to a nation state, said Thomas Rid, a professor at the Johns Hopkins University.
Additional reporting by Bloomberg
FALSE DOCUMENTS? Actor William Liao said he was ‘voluntarily cooperating’ with police after a suspect was accused of helping to produce false medical certificates Police yesterday questioned at least six entertainers amid allegations of evasion of compulsory military service, with Lee Chuan (李銓), a member of boy band Choc7 (超克7), and actor Daniel Chen (陳大天) among those summoned. The New Taipei City District Prosecutors’ Office in January launched an investigation into a group that was allegedly helping men dodge compulsory military service using falsified medical documents. Actor Darren Wang (王大陸) has been accused of being one of the group’s clients. As the investigation expanded, investigators at New Taipei City’s Yonghe Precinct said that other entertainers commissioned the group to obtain false documents. The main suspect, a man surnamed
The government is considering polices to increase rental subsidies for people living in social housing who get married and have children, Premier Cho Jung-tai (卓榮泰) said yesterday. During an interview with the Plain Law Movement (法律白話文) podcast, Cho said that housing prices cannot be brought down overnight without affecting banks and mortgages. Therefore, the government is focusing on providing more aid for young people by taking 3 to 5 percent of urban renewal projects and zone expropriations and using that land for social housing, he said. Single people living in social housing who get married and become parents could obtain 50 percent more
DEMOGRAPHICS: Robotics is the most promising answer to looming labor woes, the long-term care system and national contingency response, an official said Taiwan is to launch a five-year plan to boost the robotics industry in a bid to address labor shortages stemming from a declining and aging population, the Executive Yuan said yesterday. The government approved the initiative, dubbed the Smart Robotics Industry Promotion Plan, via executive order, senior officials told a post-Cabinet meeting news conference in Taipei. Taiwan’s population decline would strain the economy and the nation’s ability to care for vulnerable and elderly people, said Peter Hong (洪樂文), who heads the National Science and Technology Council’s (NSTC) Department of Engineering and Technologies. Projections show that the proportion of Taiwanese 65 or older would
Democracies must remain united in the face of a shifting geopolitical landscape, former president Tsai Ing-wen (蔡英文) told the Copenhagen Democracy Summit on Tuesday, while emphasizing the importance of Taiwan’s security to the world. “Taiwan’s security is essential to regional stability and to defending democratic values amid mounting authoritarianism,” Tsai said at the annual forum in the Danish capital. Noting a “new geopolitical landscape” in which global trade and security face “uncertainty and unpredictability,” Tsai said that democracies must remain united and be more committed to building up resilience together in the face of challenges. Resilience “allows us to absorb shocks, adapt under
RSS