Facebook hacked; at least 50 million accounts impacted

Facebook has been hacked, and at least 50 million accounts have been impacted, the firm announced today in a blog post titled “Security Update.”

As a result, 90 million users were logged out of their accounts and forced to sign in again, the firm said.

Criminals were able to “steal” tokens that allow consumers to access their accounts without repeatedly logging in, Facebook said. This allowed the criminals to pose as Facebook users and hijack their accounts. The firm doesn’t know how many consumers’ accounts were actually infiltrated.

“Since we’ve only just started our investigation, we have yet to determine whether these accounts were misused or any information accessed,” the blog post said. “We also don’t know who’s behind these attacks or where they’re based. We’re working hard to better understand these details.”

Facebook said criminals used the social media site’s “View As” feature to steal tokens, and then “pivot” from hijacked accounts to access more login tokens.

The tactic sounds similar to so-called cookie-minting attacks made famous in the hack of Yahoo (subject of my podcast, Breach), but it’s unclear what Facebook means by pivot. With cookie minting, criminals are able to fashion tokens at will and trick a website into assuming a computer is already logged in to targeted accounts.

Facebook said the hack exploited “complex interaction of multiple issues in our code.”

The firm said consumers had no need to change their passwords; resetting the tokens kicked out the criminals, and consumers need only log into their accounts again.

“People’s privacy and security is incredibly important, and we’re sorry this happened,” the firm said.

This is a breaking news story. When more details become available I will post them here.





About Bob Sullivan
BOB SULLIVAN is a veteran journalist and the author of four books, including the 2008 New York Times Best-Seller, Gotcha Capitalism, and the 2010 New York Times Best Seller, Stop Getting Ripped Off! His latest, The Plateau Effect, was published in 2013, and as a paperback, called Getting Unstuck in 2014. He has won the Society of Professional Journalists prestigious Public Service award, a Peabody award, and The Consumer Federation of America Betty Furness award, and been given Consumer Action’s Consumer Excellence Award.
