Late last week Facebook announced that a recent security breach left about 50 million users at risk. Facebook knows that the attackers attempted to access users’ information but are unsure whether or not they succeeded. The security breach was the result of bugs introduced into Facebook’s code back in 2017. The bug centered around Facebooks ‘View As’ feature that lets people see what their personal profile looks like to someone else. The attack was first discovered on September 25th and quickly fixed 2 days later.
Although Facebook claims that no passwords or credit cards were stolen, CEO Mark Zuckerberg is taking the attack very seriously … “This is a really serious security issue, and we’re taking it really seriously,” he said. “I’m glad that we found this, and we were able to fix the vulnerability and secure the accounts, but it definitely is an issue that it happened in the first place.”
As part of the fix, Facebook logged over 90 million users out of their accounts. 50 million of whom were exposed and another 40 million users as a precautionary measure. Each user will be required to log back in and when they do they will be presented with a statement explaining what happened. Some accounts have not received notifications, but that doesn’t mean that they have not been affected. They could still get a notification sometime in the near future.
Facebook is unsure of exactly who orchestrated the attack, but according to Executive, Guy Rosen, the attack required sophistication. This is the largest breach in Facebooks 14 year history and does not bode well for a company that has been under scrutiny for privacy issues in the past. To make matters worse, European Union Privacy Regulators could hit Facebook with a fine of over $1B if they are found to be in violation of the EU Data Protection laws.