Today Facebook admitted to a jarringly large security breach. Essentially, thanks to a perfect storm of three discreet bugs, hackers were able to use a feature known as “View As,” which lets users see their profile as other users would see them, to access other users’ security tokens and take over their accounts. According to a call with the press today, Facebook began to see an inordinate amount of accounts hijacked this way, which is what led the company to investigate the vulnerability. As many as 50 million people were impacted.
To know if you were one of those 50 million people, all you have to do is go to Facebook. If you’ve been logged out, that’s a good clue that your account was potentially impacted. Then, when you log back in, Facebook will give you a message at the top letting you know. The company logged out an additional 40 million accounts as well, who likely weren’t affected but have been subject to a “View As” lookup in the last year. Facebook’s VP of product management, Guy Rosen, told reporters that the company is also shutting down the “View As” feature as an added security caution.
Facebook says it has already patched the bugs, so users don’t need to take any action themselves. Still, 50 million people may have had their accounts taken over, which is very disturbing. When asked why users should still trust Facebook with their data, given this and other breaches over the last year, all Mark Zuckerberg could say was, “This is a very serious issue–we’re very focused on addressing it.”
The company is in touch with law enforcement, including the FBI, to try and figure out who is behind this attacks. The investigation is early and ongoing.
Still, the question remains: How long will it take until users decided enough is enough?