• Marketing Land
  • Sections
    • CMO
    • Social
    • SEM
    • SEO
    • Analytics
    • Display
    • Retail
    • MarTech
    • Resources
    • More
    • Home
  • Marketing Land
  • CMO
  • Social
  • SEM
  • SEO
  • Analytics
  • Display
  • Retail
  • MarTech
  • Resources
  • More
  • SUBSCRIBE

Marketing Land

Marketing Land
  • CMO
  • Social
  • SEM
  • SEO
  • Analytics
  • Display
  • Retail
  • MarTech
  • Resources
  • More
  • Home
  • Newsletters
  • Home
Social Media Marketing

50 million Facebook user accounts hacked

After discovering the security breach on September 25, Facebook says it doesn't know if any information was accessed.

Amy Gesenhues on September 28, 2018 at 3:04 pm
  • More

Facebook announced on Friday it had discovered a security breach affecting almost 50 million user accounts. The company says attackers exploited a vulnerability within the “View As” feature — a setting that lets users see what their profile looks like to other users. Currently Facebook doesn’t know if the attackers have misused the hacked accounts or accessed any information.

The Security Breach. On September 25, Facebook’s engineering team discovered a security vulnerability in the app’s “View As” feature that resulted in 50 user million accounts being breached. According to Facebook’s announcement, the attackers were able to steal Facebook access tokens from code attached to the “View As” feature, and leverage the tokens to take over user accounts. (Access tokens are the digital keys that allow users to remain logged in without having to enter their password every time they access their account.)

From Facebook’s announcement:

This attack exploited the complex interaction of multiple issues in our code. It stemmed from a change we made to our video uploading feature in July 2017, which impacted “View As.” The attackers not only needed to find this vulnerability and use it to get an access token, they then had to pivot from that account to others to steal more tokens.

Facebook says it does not know how much damage has been done as it just started the investigation. It is unaware if the hacked accounts have been misused or if any information was accessed. The company also reports it doesn’t not know who was behind the attacks or where they were based.

Facebook’s response. Facebook says it has fixed the vulnerability and is temporarily turning off the “View As” feature while it conducts a security review. In addition to announcing the security breach, the company has informed law enforcement.

The access tokens for the 50 million accounts that were hacked have been reset, along with access tokens for an additional 40 million accounts that were subject to a “View As” look-up during the past year (as a precautionary step). The combined 90 million users who have had access tokens reset will have to log back into their accounts as they have been automatically logged out by Facebook.

The company says users who have been logged out will see a notification at the top of their News Feed explaining what happened when they log back in, but the three Marketing Land staff members who had to log back into their accounts did not see any such notification.

A continuing pattern. Facebook’s security issues are an ongoing dilemma. In addition to its own choice to play it fast and loose with user data — a business decision that resulted in the Cambridge Analytica crisis — the company has had to announce multiple security breaches this year. In June, the company apologized for a bug that accidentally set 14 million users privacy status to public without their knowledge. In September, it reported a glitch in the system that allowed users with both an app and Facebook Ads account to access Facebook Analytics data of other apps.

Today’s security breach is different as it was an outside force attacking millions of user accounts. This is more in line with the attacks Facebook, Twitter and Google reported in August. Although, even then, the 652 Pages Facebook removed were taken down for coordinated malicious behavior. Facebook’s latest security breach is separate from coordinated behavior by bad actors — this is bad actors finding a way into Facebook’s system to hack user accounts and, potentially, use stolen accounts for malicious behavior.

Why marketers should care. Facebook’s constant battle to safeguard its platform is taking a toll on users. The company suffered slow user growth during Q2, and according to a September Pew Research Center report, 42 percent of Facebook users have decreased their daily activity on the platform, with 26 percent deleting the app from their phone.

Facebook ad targeting capabilities are strong, but how effective will they be if the people being targeted continue to lose trust in the platform? There is also the added security concerns for brand and advertiser Pages. Facebook only mentioned “user accounts” being hacked, but the possibility of a brand’s — or political candidate’s — Page being attacked is a potential threat for any marketer or advertiser.


Opinions expressed in this article are those of the guest author and not necessarily Marketing Land. Staff authors are listed here.



About The Author

Amy Gesenhues
Amy Gesenhues was a senior editor for Third Door Media, covering the latest news and updates for Marketing Land, Search Engine Land and MarTech Today. From 2009 to 2012, she was an award-winning syndicated columnist for a number of daily newspapers from New York to Texas. With more than ten years of marketing management experience, she has contributed to a variety of traditional and online publications, including MarketingProfs, SoftwareCEO, and Sales and Marketing Management Magazine. Read more of Amy's articles.

Related Topics

Channel: Social Media MarketingFacebookFacebook: Business IssuesFacebook: LegalFacebook: MarketingFacebook: PrivacySocial Media Marketing

We're listening.

Have something to say about this article? Share it with us on Facebook, Twitter or our LinkedIn Group.

Get the daily newsletter digital marketers rely on.

Processing...Please wait.

See terms.

ATTEND OUR EVENTS

Next Event: Sept. 14-15, 2021

Available On-Demand: March 2021

Available On-Demand: October 2020

×

Attend MarTech - Click Here


Learn More About Our MarTech Events

Available On-Demand: SMX Create

May 18-19, 2021: SMX London

June 8-9, 2021: SMX Paris

June 15-16, 2021: SMX Advanced

June 21-22, 2021: SMX Advanced Europe

August 17, 2021: SMX Convert

November 9-10, 2021: SMX Next

December 14, 2021: SMX Code

Available On-Demand: SMX

Available On-Demand: SMX Report

×


Learn More About Our SMX Events

White Papers

  • Gartner Magic Quadrant for Digital Experience Platforms
  • Selecting a Customer Data Platform For Your Organization: The 2020 Gartner Market Guide
  • The Complete Guide to Web Core Vitals
  • The New Era of Automation in SEO
  • Nielsen Annual Marketing Report: Era of Adaptation
See More Whitepapers

Webinars

  • Drive Customer Engagement with the Power of Personalization
  • 7 Use Cases That Prove Why You Should Implement DAM
  • Accelerate Your SEO & Content Marketing Program with 4 Key Milestones
See More Webinars

Research Reports

  • Local Marketing Solutions for Multi-Location Businesses
  • Enterprise Digital Asset Management Platforms
  • Identity Resolution Platforms
  • Customer Data Platforms
  • B2B Marketing Automation Platforms
  • Call Analytics Platforms
See More Research

Attend SMX For Only $199

h
Receive daily marketing news & analysis.

Channels

  • MarTech
  • CMO
  • Social
  • SEM
  • SEO
  • Mobile
  • Analytics
  • Retail
  • Display

Our Events

  • MarTech
  • SMX

Resources

  • White Papers
  • Research
  • Webinars

About

  • About Us
  • Contact
  • Privacy
  • Marketing Opportunities
  • Staff

Follow Us

  • Facebook
  • Twitter
  • LinkedIn
  • Newsletters
  • RSS
  • Youtube

© 2021 Third Door Media, Inc. All rights reserved.