Skip to main content

Facebook Security Breach Affects Nearly 50 Million Accounts

By October 9, 2018February 19th, 2021Cyber Insurance

On Sept. 28, 2018, Facebook announced that nearly 50 million user accounts were compromised in a data breach. The breach, which can be traced back to July 2017, is one of the largest in the company’s 14-year history.

While investigations are ongoing, the company said hackers exploited a software vulnerability in Facebook’s “View As” feature to steal access tokens and gain control of user accounts. Access tokens are effectively digital keys to specific accounts, and stealing them allows attackers to view private posts or compose status updates without the knowledge of the affected user. 

In addition, the attack allowed the hackers to see anything that users can see on their own profile, including the names and birth dates of friends and family members. Such  information could be used in future phishing attacks.

In response to the attack, Facebook reset 90 million logins automatically, fixed the software vulnerability and informed law enforcement officials. While the company says that users do not need to change their passwords, individuals experiencing login issues should navigate to Facebook’s Help Center.

As a safety precaution, users are encouraged to log in and out of all of their accounts on every device.  Users can see all of the devices they’re currently signed into here.

To learn more about the breach, read Facebook’s official blog post.

Scott Harrigan

About Scott Harrigan

Scott started his career in insurance in 1988 and joined Rue Insurance in 2004 as a Marketing Specialist focusing on creating effective risk financing and risk transfer programs for companies and non-profit organizations. In addition to this he is a member of the Rue Insurance educational team that provides ongoing professional development in critical insurance concepts and programs to Rue employees. About Scott | More Posts by Scott