
Photo by Negative Space


50 Million Facebook Accounts Hacked

Facebook has acknowledged a security breach affecting 50 million users but says it has yet to determine whether the accounts were misused or any information in them accessed. Subsequently, the company admitted that the attackers would also have had access to any other account that users had signed into using their Facebook account. This is precisely why we always recommend against using your Facebook, Google, or Twitter account to register with another Internet service—give every service its own username and password if possible.

In response to the breach, Facebook has reset the access tokens that enable users to avoid re-entering passwords on every use of the app, and it also disabled the View As feature that the attackers exploited. The owners of the 50 million affected accounts will have to log in to Facebook again, and as a precaution, Facebook reset the access tokens on another 40 million accounts.

A few additional thoughts:

  • 50 million affected users is a lot in raw numbers, but it’s only about 2% of Facebook’s 2.2 billion active monthly users.
  • Because of Facebook’s precautionary measure, if you’re forced to log in again, you have no idea if your account was in the 50 million that were affected or not. Despite Facebook’s claim to the contrary, we recommend changing your Facebook password if you do have to log in again. (And for goodness’ sake, if you don’t have a strong, unique password for Facebook, set one immediately!)
  • We’ll be interested to see if Facebook ends up increasing the number of affected accounts, potentially by a lot. Not that 50 million is a good number, but it’s a whole lot better than 2.2 billion.
  • Although we worry much more about what Facebook itself will do with all the data it hoovers up, situations like this bring into stark relief the fact that you should be extremely careful about what you choose to share on Facebook, given that the company cannot guarantee the security of your data.


Comments About 50 Million Facebook Accounts Hacked

Notable Replies

  1. 50 million affected users is a lot in raw numbers, but it’s only about 2% of Facebook’s 2.2 billion active monthly users.

    Remember, though, that access to someone’s Facebook account gives the miscreant access to the data for that account, most of the data for every “friend” of that account, and a lot of data for “friends” of “friends” of that account. It seems likely that the number of users whose data was exposed by this breach is at least an order of magnitude larger than 50 million.

  2. An excellent point! Talk about a ripple effect. I have to assume that Facebook pays a huge amount of attention to security, since they must know that they’re one of the top targets in the world (along with Google, Apple, Amazon, and Microsoft), but it wasn’t enough in this case.

  3. The ripples propagate.

    Apparently, if you are one of the fifty million whose tokens were scarfed, and you were unfortunate enough to have used the “Log In with Facebook” feature of other apps, those accounts might be compromised as well:

  4. This issue points out the difference between Apple and Facebook on privacy. Facebook wants all of your private information in order to offer you convenience - but they get more tracking data and put you at risk. Apple wants to be your security partner and use their device in order to provide an extra layer of privacy and security.
