Facebook experienced another privacy problem on September 25, 2018, when their engineering team discovered that almost 50 million user accounts were compromised. Further 40 million might have also been a victim of the bug the statement reads. The impact on the user is a lot higher than the previous data breach from Cambridge Analytica as this issue allowed the data breachers full control of the account compromised. Sound scary, right?
Facebook makes use of “View As” feature to allow people to view their own account as someone else from their friend list or as public. This shows your profile exactly as how they look to others. But this had a bug which allowed hackers to steal access token (something that Facebook uses so that one doesn’t have to re-enter the password every time they open their account) and took control of someone’s account.
Facebook didn’t wanted anyone unaware of the bug to exploit it further and impact more users. They in a way were protecting their userbase and also their interest to minimize the damage as much as possible.
Facebook fixed the bug in their system before they came out in public and spoke about it. They quickly informed the law enforcement agency – FBI and briefed them about the situation.
50 million user access token was rest. This is to protect these accounts from further manipulation. The company provided similar treatment to 40 million other accounts which might have been impacted by the issue.
Finally, not a solution but to give themselves more time to study what and how it might have happened, they’ve disabled “View As” feature as they go through the security review process.
Facebook stock saw a direct impact of the announcement and the bug in the system. Their stock saw a 2.59% decrease and ended at $164.46 which is $4.38 lesser from what they started on the day. It might bring in the debate with regard to the security and user privacy back which started soon after the Cambridge Analytica breach. Further implication on the user sentiment is always there.
The bug has been resolved and access token reset. This means there’s nothing for you to worry about it right now. As the hackers can’t access your account anymore even if they were doing previously from the following breach. So, unless there’s another bug or exploit, your account is safe for the moment. However, if that still sounds unconvincing to you, you can try changing your password while selecting the option which logs you out from all the devices connected.
Personal Interpretation with the inclusion of the situation details and updates from Facebook News Room.29 Sep 2018