Facebook say 50m users left vulnerable to a new security flaw

[ItsMitch]

S: BBC | Facebook Blog

 

This is fairly new, last 5 minutes.

 

Facebook is currently investigating 50m users that was left vulnerable to a critical security flaw with a feature known as "View As" which allowed some attackers to gain access to the account. 

 

The breach was uncovered on Tuesday and Facebook has informed the authorities. The flaw has been "fixed"

Facebook's statement in their blog post. 

Quote

Since we’ve only just started our investigation, we have yet to determine whether these accounts were misused or any information accessed. We also don’t know who’s behind these attacks or where they’re based. We’re working hard to better understand these details — and we will update this post when we have more information, or if the facts change. In addition, if we find more affected accounts, we will immediately reset their access tokens.

 

People’s privacy and security is incredibly important, and we’re sorry this happened. It’s why we’ve taken immediate action to secure these accounts and let users know what happened. There’s no need for anyone to change their passwords. But people who are having trouble logging back into Facebook — for example because they’ve forgotten their password — should visit our Help Center. And if anyone wants to take the precautionary action of logging out of Facebook, they should visit the “Security and Login” section in settings. It lists the places people are logged into Facebook with a one-click option to log out of them all.

 

I find it funny they say peoples privacy is important, but they keep fucking up OVER AND OVER AGAIN. 

Edited September 28, 2018 by SC2Mitch

[Tristerin]

Just now, SC2Mitch said:

S: BBC

 

This is fairly new, last 5 minutes.

 

Facebook is currently investigating 50m users that was left vulnerable to a critical security flaw with a feature known as "View As" which allowed some attackers to gain access to the account. 

 

The breach was uncovered on Tuesday and Facebook has informed the authorities. The flaw has been "fixed"

 

 

I find it funny they say peoples privacy is important, but they keep fucking up OVER AND OVER AGAIN. 

I left social media a year ago after my second kid was born, needed to put the correct time into the correct things in my life.  My life experiences are so much better for it.

[iRileyx]

I wonder if this is why myself and many friends were recently(last 2 or 3 days) randomly logged out of our FB accounts and messengers, having to sign back in?

 

Edit - I just read the source and apparantly yes it is  

[ItsMitch]

Just now, iRileyx said:

I wonder if this is why myself and many friends were recently(last 2 or 3 days) randomly logged out of our FB accounts and messengers, having to sign back in?

Yup, all sign in tokens was reset. 

Quote

Second, we have reset the access tokens of the almost 50 million accounts we know were affected to protect their security. We’re also taking the precautionary step of resetting access tokens for another 40 million accounts that have been subject to a “View As” look-up in the last year. As a result, around 90 million people will now have to log back in to Facebook, or any of their apps that use Facebook Login. After they have logged back in, people will get a notification at the top of their News Feed explaining what happened.

 

[slightlyjaded]

Someone uses facebook because of their security? oh wait soccer moms/ and dads... we're inclusive.

[wANKER]

1 hour ago, SC2Mitch said:

I find it funny they say peoples privacy is important, but they keep fucking up OVER AND OVER AGAIN. 

No system can ever be 100% fail-proof. 

 

And the recent Facebook scandal was just a 'Come and get it' to all the hooligans out there on the Interwebs 

 

(not defending them, fuck Facebook)

[TheGlenlivet]

I said it before and I'll say it again -

[Kamina]

I don't even use facebook anymore and I purged all of my posts months ago.

[wANKER]

5 hours ago, Kamina said:

I don't even use facebook anymore and I purged all of my posts months ago.

Facebook still has 'em m8

 

Download your data, you'll find messages from when you first created your account lmao

[Kamina]

15 hours ago, wANKER said:

Facebook still has 'em m8

 

Download your data, you'll find messages from when you first created your account lmao

They can't have them forever. Eventually they will have to delete old, irrelevant posts to keep up with the times.

[CTR640]

It doesn't matter. Even if 9 billion users got their data breached, those users and FB still don't and won't care. It's like FB is a lifesavior to those morons. Whatever FB is saying, they will always exist.

[Andreas Lilja]

50m users, eh? How many fake Pakistani / Indian accounts out of these?

 

Still laugh when I see an avalanche of Pakistani / Indian accounts liking something like my local gym, when there's a 10,000 km distance.

[GlobalPentahedron Corp]

Delete facebook.

Facebook never signs you out.

Facebook has your "internet fingerprint" always tracking you.

On your DNS settings set facebook.com to point to 127.0.0.1

[GlobalPentahedron Corp]

1 hour ago, Raskolnikov said:

50m users, eh? How many fake Pakistani / Indian accounts out of these?

 

Still laugh when I see an avalanche of Pakistani / Indian accounts liking something like my local gym, when there's a 10,000 km distance.

I made a fake indian account just to see how facebook would treat me, because I know millions of people all share common indian names. I friended a few indians and within 24 hours I had thousands of friends & friend requests. I also had my account suspended until I could prove to facebook I was a real person.

[YoloSwag]

On 9/30/2018 at 7:23 AM, Kamina said:

They can't have them forever. Eventually they will have to delete old, irrelevant posts to keep up with the times.

They actually archive those things. Some companies move data to slower storage that costs less to maintain. It's not relevant for the regular user but for research and analytics it actually is.

[YoloSwag]

TINFOIL HATS ON!!! -

 

They say it was stolen so they wouldn't have to explain how other companies got a hold on user data by actually buying statistics from facebook. Same goes for other social media websites. That's why some internet adds are individualized.

 

Spoiler

tHeY sAy iT wAs StOLeN!!!

*removes tinfoil hat*

[lewdicrous]

Another day, another Facebook fuck-up

[Master Delta Chief]

Facebook is getting more hate by each passing month, or for that matter a day, and for a good reason. Yet many people (including myself) still use it daily. Personally, I don't use it for 'sharing' personal stuff, but more to check up upon some news sites and what not and also in case someone needs to contact me. For the rest, it's just pure shit. Don't need all the other stuff they 'provide'. Privacy for that matter has somewhat started to die out in the recent years.

[Shally]

55 minutes ago, YoloSwag said:

They actually archive those things. Some companies move data to slower storage that costs less to maintain. It's not relevant for the regular user but for research and analytics it actually is.

Yeah, Facebook don't make money off you from adverts or purchases, they make money off your data. So you can well believe they'll keep every single bit they have on you, including your messages. 

[YoloSwag]

1 minute ago, KendoSapion said:

Yeah, Facebook don't make money off you from adverts or purchases, they make money off your data. So you can well believe they'll keep every single bit they have on you, including your messages. 

They make money from adverts using statistics that came from user data.

 

Have you not wondered why the ads you get aren't the same with your school mate or co-worker. Because it's tendered to each individual, from habits like what are the usual things you clicked the 'Like' button to or what videos you watch.

 

To give you an example, most of the ads I get on youtube and facebook pertain to video games and pc parts. While some friends of mine get make-up ads. Now how did yt and fb know that? I never answered a survey from them or told them directly but then here it is.

 

Is that clearer now?

 

[RuffRuffmcgruff]

1 hour ago, YoloSwag said:

TINFOIL HATS ON!!! -

 

They say it was stolen so they wouldn't have to explain how other companies got a hold on user data by actually buying statistics from facebook. Same goes for other social media websites. That's why some internet adds are individualized.

 

  Reveal hidden contents

tHeY sAy iT wAs StOLeN!!!

*removes tinfoil hat*

Since snowden i've been covered in Tinfoil, I wouldn't actually be suprised if this turned out to be true either.

[Shally]

1 hour ago, YoloSwag said:

They make money from adverts using statistics that came from user data.

 

Have you not wondered why the ads you get aren't the same with your school mate or co-worker. Because it's tendered to each individual, from habits like what are the usual things you clicked the 'Like' button to or what videos you watch.

 

To give you an example, most of the ads I get on youtube and facebook pertain to video games and pc parts. While some friends of mine get make-up ads. Now how did yt and fb know that? I never answered a survey from them or told them directly but then here it is.

 

Is that clearer now?

 

Yes I'm basically agreeing with you...
Many companies including Facebook can be losing money right now from adverts but it doesn't matter if their mining your data. Just like Amazon, the more data they have on everyone the more money in 20,30, or 50 years time they'll make from it. We are no longer the consumer, were the product.

[asus killer]

Should change the company name to "oops"

[Razor Blade]

I deactivated my account a long time ago. I don't "Facebook" anymore. In hindsight I wish I never "Facebooked" in the first place.

[Speed Weed]

1 hour ago, Razor Blade said:

I deactivated my account a long time ago. I don't "Facebook" anymore. In hindsight I wish I never "Facebooked" in the first place.

https://www.trustedreviews.com/news/how-to-delete-facebook-account-2950145

 

In this article said deactivated and deleted are two different things.