Were you one of the 90 million logged out of Facebook at the weekend?

Posted on October 1, 2018

 

On Saturday morning, I was surprised to see that I had been booted out of my Facebook account and was directed to a page where I was asked to asked to register, as though I were a new user. I didn’t think anything of it, but it appears I wasn’t the only one.

Via its newsroom, Facebook has confirmed that nearly 50 million accounts were found to be threatened by a security issue last week, and that many more could have been at risk. Among them were the accounts of myself, our Technical Director Darren and, not entirely surprisingly given his previous lax attitude to his own cyber security, Facebook CEO Mark Zuckerberg.

Company Vice President of Project Management Guy Rosen admits there was a code “vulnerability” affecting the ‘View As’ function of Facebook pages. This setting allows users to look at a person’s page as though they were somebody else, but it appears that in doing so, Facebook troublemakers were able to seize what Facebook calls ‘access tokens’. These allow users to log in temporarily and (supposedly) securely without re-entering their password, but could obviously cause chaos if acquired by hackers.

Facebook says that it has fixed the problem and reset the access tokens for the 50 million accounts it knows to have been at risk, along with another 40 million as a precaution. This actually means that 90 million users in total had to log in again following Facebook’s measures, so if you were one of them, there is some ambiguity over whether your page was directly at risk or was identified as one of the 40 million acted upon as a safeguard.

Either way, it’s a little disconcerting to learn that people were able to access details potentially affecting tens of millions of users’ online security, and one wonders how many other Facebook ‘vulnerabilities’ are waiting to be discovered. Appropriately, today is the start of European Cyber Security Month, and it appears that Facebook and other social media sites are going to have their work increasingly cut out as time advances and cybercrime becomes more of an issue. Indeed, this was over the same weekend in which a Taiwanese hacker had threatened to live stream himself hacking into Zuckerberg’s account before announcing he had cancelled the plans.

It’s a reminder that as individuals, we all have a responsibility to protect ourselves online by choosing secure passwords, watching who we share details with, and logging out of accounts where we can, particularly on shared devices. We also have a right to expect watertight security measures from major websites like Facebook, however, and while it seems that the site acted just in time, a more proactive rather than reactive approach to deterring cybercriminals might be a little more comforting.

John Murray

Content Team Leader at Engage Web
John works for Engage Web as a Content Team Leader and regularly contributes to the website and programmes of his beloved Chester F.C.

Like us on Facebook to see more posts like this

You might also be interested in:

No Comments »

There are no comments on this yet, be the first to write a comment.

RSS feed for comments on this post. TrackBack URL

Have your say!

We have worked with:

minute-man-press-image
TEL: 0345 621 4321