Here's Why You Got Logged Out Of Your Facebook Account (Hint: A Major Hack Has Happened)

Around 50 million Facebook accounts have been compromised.

  • Cover image via FB

If you've been logged out of your Facebook account and asked to sign back in, it's because some 50 million user accounts have been compromised after Facebook suffered a major hack this week

In a blog post, Facebook's vice president of product management Guy Rosen said:

"On the afternoon of Tuesday, 25 September, our engineering team discovered a security issue affecting almost 50 million accounts.

"We're taking this incredibly seriously and wanted to let everyone know what’s happened and the immediate action we’ve taken to protect people’s security.

"Our investigation is still in its early stages. But it's clear that attackers exploited a vulnerability in Facebook’s code that impacted "View As" a feature that lets people see what their own profile looks like to someone else. This allowed them to steal Facebook access tokens which they could then use to take over people's accounts."

While the full extent of the massive security breach remains unknown, it affects more than just a user's Facebook account

For example, if your account was impacted it means that a hacker could have accessed any account - including Instagram - that you log into using Facebook.

In a second, follow-up conference call with reporters on Friday, Facebook revealed this information, which drastically widens the potential impact of the hack.

Basically, hackers are now believed have access to other services in which a person used their Facebook account to register, including apps like Tinder, Spotify, and Airbnb.

While it is not yet clear whether this has actually occurred, the possibility may force the other companies to undertake their own investigations into the issue.

Image via Instagram

Coming back to the part about if you were logged out

The reason you were logged out of your account because Facebook invalidated the access tokens for the 50 million affected accounts.

It was a safety step - after patching the security vulnerability - taken by Facebook to ask users to log back in to access their accounts again.

In a post on his account, Facebook Founder Mark Zuckerberg addressed the issue, writing, "As a precautionary measure, even though we believe we've fixed the issue, we're temporarily taking down the feature that had the security vulnerability until we can fully investigate it and make sure there are no other security issues with it."

While the security breach impacted around 50 million accounts, the precaution taken by Facebook - resetting access tokens - means around 90 million people will now have to log back into Facebook, or any of their apps that use Facebook Login.

Said to be the largest hack in Facebook's history, it also affected accounts of Mark Zuckerberg and Facebook COO Sheryl Sandberg

However, it's unclear who has been affected, what kind of data has been stolen, or who carried out the attack, according to a report in the BBC.

"The firm would not say where in the world the 50 million users are, but it has informed Irish data regulators, where Facebook's European subsidiary is based. The company said the users prompted to log-in again did not have to change their passwords."

Here's a video of Guy Rosen, VP of Product Management at Facebook, sharing details about the hack and the steps they took:

Guy Rosen, VP of Product Management

Posted by Facebook on Friday, 28 September 2018

Meanwhile, in light of the hack, Chester Wisniewski, Principal Research Scientist at Sophos, a security company, shared how the truly concerned people should use this hack as a reminder to review all their security settings on Facebook and outside

"In something as big and complicated as Facebook, there are bound to be bugs. The theft of these authorisation tokens is certainly a problem, but not nearly as big of a risk to user's privacy as other data breaches we have heard about or even Cambridge Analytica for that matter.

"As with any social media platform, users should assume their information may be made public, through hacking or simply through accidental oversharing. This is why a sensitive information should never be shared through these platforms," he said.

Leave a comment