Logged Out of Facebook? It's Because Hackers Gained Access to 50 Million Accounts

The hackers were able to take over the affected accounts, but the extent of the breach is unknown

September 28, 2018

Have you noticed that you've been logged out of the Facebook app or been asked to log in via the website when you usually stay logged in? Well, Facebook is reporting that hackers gained access to about 50 million accounts.

Vulnerability in Facebook's Code

Facebook discovered the problem three days ago on September 25, 2018, calling it a "security issue" via a press release. Facebook reports its investigation is still ongoing and that the vulnerability has been fixed.

Facebook is reporting that attackers exploited a vulnerability in the code that impacted "View As," a feature that lets people see what their own profile looks like to someone else. It allowed the hackers to steal Facebook access tokens, which they could then use to take over accounts. Access tokens are the equivalent of digital keys that keep users logged in to Facebook so they don't need to re-enter their password every time they use the app.

Access Tokens Reset

Facebook reports that it has reset the access tokens of the almost 50 million accounts that it knows were affected, and of another 40 million accounts that have been subject to a "View As" look-up in the last year. As a result, around 90 million people will now have to log back in to Facebook or any of their apps that use Facebook Login. The "View As" feature is also being turned off temporarily.

Unknown if any accounts were misused

Facebook reports that it has not determined whether any of the compromised accounts were misused or whether the hackers accessed any information. As its investigation continues, more information could come our way as to the extent of the breach.

No need to change password, but might be a good idea

Facebook says that the breach does not mean users should reset their passwords. However, as with all data breaches, the full extent of the information hackers were able to steal may not be known for some time. So, you might want to change your password anyway as an extra precaution.

If you do not have one of the affected accounts, your access tokens have not been reset. But if you are proactive and reset your password, it will also reset your access tokens for any session you currently have open anywhere on the web.

Not the first privacy issue this year

It's not the first time Facebook has come under fire this year for data breaches. In March 2018 the company disclosed that a third-party firm sold the personal information of millions of Facebook users to a political marketing firm, which is a violation of its terms of service.