
How to know if you’re affected by Facebook’s massive data breach

September 28, 2018

Answer: Quite possibly, because Facebook’s already forced you to log out and back into your account today.

The news: Facebook said hackers exploited a software flaw to access the records of almost 50 million customers. The firm said it had fixed the vulnerability and reported the breach to law enforcement.

The hack: The company said that the hackers had exploited a coding glitch that affected the service’s “View As” feature, which lets people see what their own profile looks like when someone else takes a look at it online. This allowed them to get hold of digital “tokens,” which are software keys that let people access their account without having to log back in every time.

Those keys let the hackers unlock access to people’s accounts. It’s not clear yet what damage they did.

The fix: The firm says it has fixed the flaw and reset the access tokens of almost 50 million accounts. So if you were unexpectedly booted out of your Facebook account today and had to log back in, the chances are you were a victim of the breach. But not necessarily: Facebook also reset the tokens of another 40 million customers as a precautionary measure because their profiles had been viewed using the View As approach over the past 12 months.

Questions, questions—and more questions: Although Facebook appears to have moved swiftly to publicize the breach—it says it only discovered it on Tuesday—there are lots of questions it needs to answer. How long had the hackers been inside Facebook’s network? What exactly did they do with their access? Why, at a time when Facebook is under intense scrutiny over the abuse of its platform to spread fake news, did it not have a tighter grip on the basic security of its system? And did the recent departure of security head Alex Stamos and the move to break up the dedicated security team and distribute people into other departments cause the company to miss the security hole?

This latest disaster adds to a no good, very bad year for the social network, which has also been under intense scrutiny for its failure to protect customer data in the Cambridge Analytica affair.

CEO Mark Zuckerberg and other senior executives have become regulars at congressional hearings to investigate Facebook’s failings. They may soon find themselves hauled back to Washington, DC, once again.

 
