
Facebook Breach: 50 Million Users Affected

Facebook has had a hard year, and it just got worse. The company announced that it was compromised, and 50 million users were affected. Facebook discovered the breach on Tuesday, September 25 and reported it three days later.

All Facebook Users Should Take Responsive Action

When Facebook announced the breach, it was still investigating the situation. The company’s response to the hack affected an additional 40 million users. This should send a message to all Facebook users that they should remain vigilant in the coming days and weeks.

What Happened
This latest security breach was caused by an upgrade.

According to Facebook, “attackers exploited a vulnerability in Facebook’s code that impacted ‘View As,’ a feature that lets people see what their own profile looks like to someone else. Using this feature allowed attackers to steal Facebook access tokens, which they could then use to take over users’ accounts.” According to Facebook’s blog, the attack exploited a complex interaction of multiple issues in the social media site’s code, stemming from a change made to a video uploading feature in July 2017.

The takeaway is simple. Any changes made to networks, software and other systems must be immediately and continually tested and monitored for vulnerabilities that may have been introduced in the process. Every company, no matter its size, needs an effective vulnerability management program rather than the "patch and pray" approach to cybersecurity. Just because you are secure at 9:01 a.m. does not mean that will still be the case at 9:02 a.m.

Given the number of users affected, this could be described as an optics issue, but it’s a wake-up call: no matter how good your security is, hackers can find a way in. 

What Facebook Has Done:

Facebook has addressed the vulnerability and deactivated the feature that was exploited by the hackers until further notice in order to thoroughly review the issue. Ninety million Facebook users have been logged off as a precautionary measure, because the compromise affected a security feature called “access tokens,” which identify user devices and streamline access to the site for users. They have also provided a blog post about the issue, which can be viewed here.

What You Need to Know:

The investigation is still underway. You should not be alarmed if you find that Facebook has automatically logged you out. The site did this as a precaution once it learned that user access tokens were vulnerable. The hack seemed to be geared toward account takeover, but Facebook did not indicate any accounts had been taken over at the time of the report.

What You Can Do:

• Log on to your Facebook account and make sure nothing has been altered. Check your timeline, your outgoing messages and recent activity.
• Whether or not you have been logged out by Facebook, it is imperative that you create a new password for your Facebook account.
• Activate two-factor authentication.

There are no givens in today’s landscape of pervasive cyber insecurity. The best plan is to be prepared, stay up to date, always assume the worst will happen, and act when it does.

*Written by BenefitMall’s cyber security partner, CyberScout

