Facebook Hacked, 90 Million Users Affected - The UpStream

It is no secret that 2018 has not been Facebook's year. Between illegal data collection lawsuits and of course Cambridge Analytica, which landed CEO Mark Zuckerberg in front of Congress, this is almost certainly a year the company wishes it could do over. Unfortunately, last week added to the company's difficulties, this time care of a data breach.

This breach, which affected only about 50 million of the site's 2.23 billion active users (or about 2%), took advantage of a bug in the altered upload process introduced in mid-2017 and a bug in the "View As" profile feature. By using the bug in the View As feature, attackers were able to get access to external access keys, used to connect to applications like Hootsuite and MissingLettr, or for logging into applications via the Facebook login process.

By using these keys, an attacker could, potentially, be able to make whatever changes or access whatever data that key gives access to. For example, if you used to login process, they might be able to access your name, email address and possibly your contact list. If the key was for an application like Hootsuite, they attacker could have access to a ton of data, including all of the pages you manage and would be granted access to post to your profile and pages as you.

Fortunately, once Facebook became aware of the issue, they patched the vulnerabilities and expired every exposed access key, plus keys for another 40 million users who had used the View As feature in the last 12 months. Those 90 million users started their Friday being asked to login to a variety of applications, including the website, mobile apps, Messenger, and more. While it might be an inconvenience, it's better that Facebook revoked all of the tokens rather than leaving it up to the users to figure out some revocation process.

Your next steps, whether or not you were forcibly logged out, should involve a thorough review of the apps that you give access to your information. You might even want to consider not using the Login with Facebook feature in the future, if that is an option. Some popular applications do not allow you to skip the Facebook Login, but most allow you to create a platform-specific login. When that is an option, use it. If you were logged out, you might also want to change your Facebook password, although the company says there is no indication that password information was made available.