
Facebook fell victim to a severe data breach earlier in September 2018, giving the perpetrators access to no fewer than 50 million accounts on the world’s largest social network. What’s even scarier is the likelihood that the attackers might have gained the ability to take over the affected users’ accounts — even if temporarily. The company acknowledged that its engineers detected an anomaly in its servers on Sep 25, 2018, leading to the discovery of the breach. However, Facebook took about 48 precious hours before patching the vulnerability on Sep 27. It has since promised that all affected users will be notified about the breach.

Here’s the important part — if you were automatically logged out of your Facebook account over the last couple of days or so, there is a strong possibility that you were one of the 50 million victims of this recent attack.

“I’m glad we found this and fixed the vulnerability,” Mark Zuckerberg commented during a conference call with reporters on Sep 27. He added: “But it definitely is an issue that this happened in the first place. I think this underscores the attacks that our community and our services face.”

In case you are wondering how nasty the attack was, experts are saying this might very well be the most severe data breach Facebook has encountered to date.

Apparently, the attackers managed to get away with important security keys known as “access tokens,” which enable users to stay logged into their Facebook accounts over multiple browsing sessions without having to re-enter their passwords again and again. And here’s the scary bit — these stolen tokens gave the perpetrators the ability to gain full control over the accounts of the affected users.

Facebook has also confirmed that it has informed law enforcement agencies about the breach and investigations are already underway.