Skip to content
Thoughtful, detailed coverage of everything Apple for 28 years
and the TidBITS Content Network for Apple professionals
Photo of moving text illustrating a data breach

Photo by Negative Space

8 comments

50 Million Facebook Accounts Hacked

Facebook has acknowledged a security breach affecting 50 million users but says it has yet to determine whether the accounts were misused or any information in them accessed. Subsequently, the company admitted that the attackers would also have had access to any other account for which users had signed into using their Facebook account. This is precisely why we always recommend against using your Facebook, Google, or Twitter account to register with another Internet service—give every service its own username and password if possible.

In response to the breach, Facebook has reset the access tokens that enable users to avoid re-entering passwords on every use of the app, and it also disabled the View As feature that the attackers exploited. The owners of the 50 million affected accounts will have to log in to Facebook again, and as a precaution, Facebook reset the access tokens on another 40 million accounts.

A few additional thoughts:

  • 50 million affected users is a lot in raw numbers, but it’s only about 2% of Facebook’s 2.2 billion active monthly users.
  • Because of Facebook’s precautionary measure, if you’re forced to log in again, you have no idea if your account was in the 50 million that were affected or not. Despite Facebook’s claim to the contrary, we recommend changing your Facebook password if you do have to log in again. (And for goodness sake, if you don’t have a strong, unique password for Facebook, set one immediately!)
  • We’ll be interested to see if Facebook ends up increasing the number of affected accounts, potentially by a lot. Not that 50 million is a good number, but it’s a whole lot better than 2.2 billion.
  • Although we worry much more about what Facebook itself will do with all the data it hoovers up, situations like this bring into stark relief the fact that you should be extremely careful about what you choose to share on Facebook, given that the company cannot guarantee the security of your data.

Read original article

Subscribe today so you don’t miss any TidBITS articles!

Every week you’ll get tech tips, in-depth reviews, and insightful news analysis for discerning Apple users. For 28 years, we’ve published professional, member-supported tech journalism that makes you smarter.

Registration confirmation will be emailed to you.

Comments About 50 Million Facebook Accounts Hacked

Notable Replies

  1. 50 million affected users is a lot in raw numbers, but it’s only about 2% of Facebook’s 2.2 billion active monthly users.

    Remember, though, that access to someone’s Facebook account gives the miscreant access to the data for that account, most of the data for every “friend” of that account, and a lot of data for “friends” of “friends” of that account. It seems likely that the number of users whose data was exposed by this breach is at least an order of magnitude larger than 50 million.

  2. An excellent point! Talk about a ripple effect. I have to assume that Facebook pays a huge amount of attention to security, since they must know that they’re one of the top targets in the world (along with Google, Apple, Amazon, and Microsoft), but it wasn’t enough in this case.

  3. The ripples propagate.

    Apparently, if you are one of the fifty million whose tokens were scarfed, and you were unfortunate enough to have used the “Log In with Facebook” feature of other apps, those accounts might be compromised as well:

  4. This issue points out the difference between Apple and Facebook on privacy. Facebook wants all of your private information in order to offer you convenience - but they get more tracking data and put you at risk. Apple wants to be your security partner and use their device in order to provide an extra layer of privacy and security.

  5. It’s a two edged sword. Of all the companies mentioned above, Apple is the only one focuses on privacy as a unique selling proposition. Facebook gets the biggest % of its revenue from advertising and promotions, and they are paying a lot of attention to security now primarily because governments are forcing them to. Or maybe they are being convincing about it?

    For all Mark Zuckerberg, Sheryl Sandberg’s, etc., etc., apologies about flaws in their privacy systems and policies, I keep reading and seeing stuff about Facebook that make my hair stand on end (and I have long hair). Here are just two things in just the past month or so that almost made my eyes pop out of their sockets too:

    Facebook Wanted Big US Banks To Hand Over Your Data

    https://www.fastcompany.com/90214096/facebook-wanted-big-u-s-banks-to-hand-over-your-data

    (IMHO, the only reason financial services companies haven’t signed up for this is because they would suffer federally regulated mega financial penalties if anything went wrong. Facebook said they haven’t used data like this, but they didn’t say they never would use it if they had access to it, or that they wouldn’t stop trying to get this information in future.)

    And just a few days after the next to the last last big scandal, the two factor one, broke, they unveiled Facebook Portal:

    https://www.fastcompany.com/90214096/facebook-wanted-big-u-s-banks-to-hand-over-your-data

    Personally, I don’t want Mark Zuckerberg and Jeff Bezos hanging out in my home 24/7. And Facebook exists and has been wildly successful because it collects every bit of data on whoever, whenever and however that it can and sells it.

  6. cnjacobs
    Charles Jacobs

        October 4
    

    This issue points out the difference between Apple and Facebook on privacy. Facebook wants all of your private information in order to offer you convenience - but they get more tracking data and put you at risk.

    Facebook exists to sell advertising and data; they are first and foremost a data harvesting and sales company. They still hold off as long as possible on announcing any security breeches, and they haven’t exactly removed all the worst hate stuff. The more they do this, the more impact it will have on their bottom line. Facebook offers “convenience” because you are the product, whether or not you are a member.

    Apple wants to be your security partner and use their device in order to provide an extra layer of privacy and security.

    Apple exists to sell you very expensive hardware and services, and it’s becoming an increasingly good selling point.

  7. Facebook got caught with its pants down once again, this time with just announced Portal. But I doubt if anyone actually believed they wouldn’t be using that Portal will be collecting:

    It turns out that Facebook could in fact use data collected from its Portal in-home video device to target you with ads

Join the discussion in the TidBITS Discourse forum

Participants