Social media giant Facebook reported today that a data breach put 50 million users at risk. Here’s what you need to know.
Are you one of the 50 million people who found themselves logged out of Facebook upon waking this morning? If so, there’s no cause to panic. Here’s what’s happening.
In a public posting on Facebook today, CEO Mark Zuckerberg announced that a data breach has hit the social media giant, writing, “On Tuesday, we discovered that an attacker exploited a technical vulnerability to steal access tokens that would allow them to log into about 50 million people's accounts on Facebook. We do not yet know whether these accounts were misused but we are continuing to look into this and will update when we learn more.”
While this news sounds alarming, you do not need to rush to change your passwords right away (unless you want to). It wasn’t that kind of breach. Facebook VP of Product Management, Guy Rosen, explains further in his post, writing, “This attack exploited the complex interaction of multiple issues in our code. It stemmed from a change we made to our video uploading feature in July 2017, which impacted ‘View As.’ The attackers not only needed to find this vulnerability and use it to get an access token, they then had to pivot from that account to others to steal more tokens.”
Luis Corrons, resident Avast Security Evangelist, notes that it is still too early to analyze what has happened. “So far,” he says, “we can say that only a minor fraction of Facebook users have been affected, which is good news. And Facebook seems to be open about it, which is also a good thing. This hasn’t been a breach into their network, but a software flaw that attackers took advantage of.”
Because the attackers used stolen access tokens to get around the login step, login credentials were not stolen. If you were affected by this breach, follow these simple steps to keep yourself safe: