50m users compromised in huge security breach (Facebook)

Nearly 50m Facebook accounts were compromised by an attack that gave hackers the ability to take over users’ accounts, Facebook revealed on Friday.

The breach was discovered by Facebook engineers on Tuesday 25 September, the company said, and patched on Thursday. Users whose accounts were affected will be notified by Facebook. Those users will be logged out of their accounts and required to log back in.

The security breach is believed to be the largest in Facebook’s history and is particularly severe because the attackers stole “access tokens”, a kind of security key that allows users to stay logged into Facebook over multiple browsing sessions without entering their password every time. Possessing a token allows an attacker to take full control of the victim’s account, including logging into third-party applications that use Facebook Login.

More info: https://www.theguardian.com/technology/2018/sep/28/facebook-50-million-user-accounts-security-berach

I was one of the people who got logged out, so I guess I am hit. At first, I thought “oh nooooo” because every time something bad happens on my FB account I get logged out first. But it turns out I was simply hacked by having my token stolen. How does that even happen?

If I had stolen 50mil tokens I would try to make money out of it somehow; that would have been the incentive to hack in the first place. So what did the hacker get out of this?

IDK. They have said they discovered this bug due to “unusual account activity” so whoever had access to them was using them for something.

I got logged out 3 or 4 days ago too…I had a bad feeling about it when I saw it. Should I be worried?


Not sure. They said it was a bug in their new “view as” feature, where you can view your profile as someone else. I am guessing there was a leak of data, as I don’t think phishing/spoofing 50m users is feasible.

Same thing happened with me. I got logged out twice.
Well, whatever the breach was, if the hackers had access to the data,
imagine what one can do with 50m emails and phone numbers :smiley:

Turns out the hack is bigger than they thought :smiley: Basically, whoever did this found a vuln in Facebook's login service. Holy crap.

This issue extended not just to Facebook; even many Instagram accounts got logged out. Which results in bots too :stuck_out_tongue:

I wonder what the real story is. Remember, Facebook will try to downplay this, so the reality may be much worse.