Social media giant Facebook reported today that a data breach put 50 million users at risk. Here’s what you need to know.
Are you one of the 50 million people who found themselves logged out of Facebook upon waking this morning? If so, there’s no cause to panic. Here’s what’s happening.
In a public posting on Facebook today, CEO Mark Zuckerberg announced that a data breach has hit the social media giant, writing, “On Tuesday, we discovered that an attacker exploited a technical vulnerability to steal access tokens that would allow them to log into about 50 million people's accounts on Facebook. We do not yet know whether these accounts were misused but we are continuing to look into this and will update when we learn more.”
While this news sounds alarming, you do not need to rush to change your passwords right away (unless you want to). It wasn’t that kind of breach. Facebook VP of Product Management, Guy Rosen, explains further in his post, writing, “This attack exploited the complex interaction of multiple issues in our code. It stemmed from a change we made to our video uploading feature in July 2017, which impacted ‘View As.’ The attackers not only needed to find this vulnerability and use it to get an access token, they then had to pivot from that account to others to steal more tokens.”
Luis Corrons, resident Avast Security Evangelist, notes that it is still too early to analyze what has happened. “So far,” he says, “we can say that only a minor fraction of Facebook users have been affected, which is good news. And Facebook seems to be open about it, which is also a good thing. This hasn’t been a breach into their network, but a software flaw that attackers took advantage of.”
Because the attackers bypassed the login process by stealing access tokens, login credentials were not stolen. If you were affected by this breach, follow these simple steps to keep yourself safe:
- Beware of phishing scams. If you receive emails from Facebook asking for account info, credentials, etc., investigate a little further before offering up any data. Check with Facebook to make sure the request is legitimate.
- As an extra precaution, consider revoking Facebook app permissions for apps that you no longer use.
- Always update all software, apps, and operating systems.