Less than six months after Mark Zuckerberg was forced to testify at a Senate committee hearing about his company’s failure to protect its users’ personal data, the Facebook founder and CEO was once again informing users of a hack that may have exposed the data of more than 50 million users. In the particular case, it is not yet clear if anyone’s information or profiles were actually stolen. Facebook became aware of a security flaw that could have given hackers access to more than 50 million profiles.
The social media platform announced that it had fixed the issue and reported it to government authorities, which indicates that the security flaw had been discovered and likely exploited by a third party, rather than by Facebook. Zuckerberg released a statement acknowledging the attack, while noting that at this time, they are not sure what the hack means for users. Zuckerberg said that approximately 90 million users would be forced to manually sign back into their profiles as a security measure.
“On Tuesday, we discovered that an attacker exploited a technical vulnerability to steal access tokens that would allow them to log into about 50 million people’s accounts on Facebook,” wrote Zuckerberg in a post on his personal Facebook profile. “We do not yet know whether these accounts were misused but we are continuing to look into this and will update when we learn more.”
I want to update you on an important security issue we've identified. We patched the issue last night and are taking…
The breach occurred due to a flaw with Facebook’s “View As” feature, which was designed to allow users to view their own profile the way another user would. However, this unknowingly allowed third-party users to gain access to that user’s profile via Facebook’s access tokens, which let mobile users to log-in to their accounts without having to enter a password.
It’s been a terrible year for online privacy, with Google, Facebook, and other major sites experiencing security breaches that resulted in user data being compromised. This is an especially terrifying reality for parents, as the notion that your kid’s identity, photos, or data may be used without your permission is downright terrifying. While there are certain protections you can take to keep your kid safer (or at least safer) online, such as the Facebook Parents Portal, the only real way to ensure your kid is not putting themselves in danger is to engage with them from a young age and educate them about the risk that comes with existing on social platforms like Facebook or Instagram.