Facebook Announces Massive Data Breach: 50 Million Users Compromised

  

Facebook, already under siege by foreign agencies, the U.S. government, and privacy-rights activists across the globe, discovered a new enemy this week — one that it cannot yet name and one whose intentions are not immediately clear. While this is a developing story with many uncertainties, here’s what we do know about the data breach that exposed the personal details of nearly 50 million Facebook users.

What Facebook knows about the breach

Earlier this week, Facebook learned that cybercriminals hijacked millions of user accounts by exploiting multiple bugs in the site's code.

The first vulnerability lay in the platform’s “view as” function, which allows users to see how their profile is displayed to other viewers. Ironically, this feature was first created to help users better control their privacy. The second bug was tied to Facebook’s video uploading program, first introduced in 2017. Collectively, these exploits allowed cybercriminals to gain access to the accounts of nearly 50 million users.

The public became aware of the issue Friday morning when 90 million users were forced to log back into their accounts. This figure included the 50 million known victims, as well as 40 million additional accounts that were reset as a precaution.

Users who may have been affected by the breach were also alerted via Facebook notification.   

What Facebook doesn’t know about the breach

As of the publication of this article, there are more unknowns than knowns, including some of the most significant pieces of the puzzle. These include:

  • An exact count of how many users were involved
  • The identity of the hackers
  • The motivation of the attackers
  • How the exploited accounts may have been misused
  • How the personal details obtained could be used

Facebook’s statement on the breach

The timing couldn’t be worse for Facebook, which finds itself in a sea of growing controversy. The company made official statements through a variety of channels on Friday.

Guy Rosen, vice president of product management, attempted to calm affected users via an FB Newsroom post:

“We’re taking this incredibly seriously and wanted to let everyone know what’s happened and the immediate action we’ve taken to protect people’s security...People’s privacy and security is incredibly important, and we’re sorry this happened. It’s why we’ve taken immediate action to secure these accounts and let users know what happened.”

Meanwhile, CEO Mark Zuckerberg reiterated Facebook’s commitment to privacy — a much harder sell today than it was a year ago — in a phone call with reporters.

“We’re taking it really seriously...We have a major security effort at the company that hardens all of our surfaces...I’m glad we found this. But it definitely is an issue that this happened in the first place.”

Zuckerberg further acknowledged Facebook’s responsibility:

“The reality here is we face constant attacks from people who want to take our accounts or steal our information...we need to do more to prevent this from happening in the first place....security is an arms race, and we’re continuing to improve our defenses.”

New PrivacyArmor feature goes live today

InfoArmor has recognized that privacy concerns and social account takeover scenarios are becoming more common, which is why we are introducing a new feature today in response to this news. We had originally planned to release our social account takeover feature in January 2019, but all PrivacyArmor Plus participants will now receive alerts for social account takeover.

Our social media Artificial Intelligence alerts users about posts made in their name that frequently indicate account takeover. It will also detect suspicious changes to an account name, username, profile image, or background image, changes that may indicate the account has been hijacked.

Social account takeover is part of our Social Media Monitoring feature, which will monitor Facebook, Instagram, Twitter, and LinkedIn. Those with family accounts will be able to monitor accounts across the whole family; they just need the family member’s login credentials for each site.

Actions you should take

If you use PrivacyArmor's Social Media Monitoring feature and Facebook logged you out of your account, you will also need to reauthenticate your Social Media Monitoring connection to Facebook. If you haven't yet connected your social accounts to Social Media Monitoring, now is the time!

At this time, Facebook hasn’t indicated any action you can take to further protect your account. In fact, Rosen stated that there is no need for users to even reset their passwords. According to the tech juggernaut, passwords were not impacted by the security incident.

Finally, there are many best practices you should follow when it comes to managing your social media. You can learn about them in our complimentary guide, Protecting Your Privacy: Best Practices for Mobile, Social, and Search. We’ll keep you posted on any updates in the coming days.

 

 

  
At InfoArmor, we believe everyone deserves the right to privacy, security, and above all else, peace of mind. This is why we’re proud to offer industry-leading solutions for employee identity protection and advanced threat intelligence. From enterprise to employee, InfoArmor redefines how organizations combat an ever-changing cyber threat landscape. If you’d like more information on how we can help your organization protect its most valuable assets, reach out. We’d love to hear from you.