Facebook today (Friday, 9.28.2018) said an attack to its network led to the exposure of information from nearly 50 million of its users. Company engineers first discovered the security issue on Tuesday. “We’re taking this incredibly seriously and wanted to let everyone know what’s happened and the immediate action we’ve taken to protect people’s security,” Guy Rosen, vice president of product management, said in a Facebook statement.
What the attackers did
The attackers exploited a feature in Facebook’s code. The exploit allowed them to steal Facebook “access tokens,” which are like digital “keys” that enable people to stay logged in to Facebook without needing to re-enter a password every time they use the application. The company said it did not know the origin or identity of the attackers, nor had it fully assessed the scope of the attack.
What Facebook has done in response to the attack
According to Facebook, these are the steps the company has taken since discovering the attack.
1 | Fixed the vulnerability and informed law enforcement.
2 | Reset the access tokens of the almost 50 million accounts Facebook knows were affected to protect their security.
3 | Reset access tokens for another 40 million accounts as a precaution (meaning that 90 million accounts must log back in).
What Facebook says you should do
Log back into facebook | Around 90 million people will now have to log back in to Facebook, or any of their apps that use Facebook Login.
Look for the notification | After you log back in, you will get a notification at the top of your News Feed explaining what happened.
If necessary, visit the Facebook Help Center | If you are having trouble logging back into Facebook — for example, because you’ve forgotten your password — visit the Facebook Help Center.
If you don’t see the notification and want to take the precautionary action of logging out of Facebook, visit the “Security and Login” section in settings. It lists the places you are logged into Facebook with a one-click option to log out of them all.