Hackers Exploit as Many as 90 Million Facebook Accounts
Facebook discovered Tuesday that hackers stole access to as many as 90 million user accounts, it announced Friday. “While I'm glad we found this, fixed the vulnerability, and secured the accounts that may be at risk, the reality is we need to continue developing new tools to prevent this,” CEO Mark Zuckerberg said. The vulnerability, which allowed exploitation of the “view as” feature, was patched Thursday, and law enforcement notified, said Vice President-Product Management Guy Rosen said. The feature lets users see what their profiles look like from another's perspective. The vulnerability let hackers steal “access tokens” and take control of accounts. “Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app,” Rosen said. Facebook reset access to almost 50 million accounts “we know were affected,” and as a “precautionary measure,” reset access tokens for another 40 million “that have been subject to a ‘View As’ look-up in the last year.” The feature is disabled until the security review is completed. The vulnerability “stemmed from a change we made to our video uploading feature in July 2017,” Rosen said. Sen. Mark Warner, D-Va., said a swift investigation should be made public: “Congress needs to step up and take action to protect the privacy and security of social media users. ... The era of the Wild West in social media is over.”