Facebook says sophisticated hack exposed data from 50 million user accounts

Facebook says sophisticated hack exposed data from 50 million user accounts
Facebook announced that it found a sophisticated hacking scheme affected 50 million user accounts this week. CEO Mark Zuckerberg vowed to step up security measures moving forward. (Drew Angerer/Getty Images)

In a statement released Friday, Facebook announced that the accounts of nearly 50 million users had been impacted by a security issue discovered earlier in the week. The company says hackers were able to steal and utilize log-in keys for profiles using a sophisticated scheme.

What are the details?

Facebook VP of Product Management Guy Rosen issued a statement on the company’s website, explaining that once the security breech was discovered, it “fixed the vulnerability,” reported it to law enforcement, and reset the access tokens for the affected accounts as a precautionary measure.

Access tokens, Rosen explained, “are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password.” The company is still investigating to determine whether any of “these accounts were misused or any information accessed.”

During a call with reporters after the announcement, Facebook CEO Mark Zuckerberg said, “The reality here is we face constant attacks from people who want to take over accounts or steal information…we need to do more to prevent this from happening in the first place.

“We’re going to keep investing very heavily in security going forward,” he vowed.

The social media giant has faced numerous security breeches and privacy scandals in recent years, with Zuckerberg admitting to CNN in April, “This is going to be a never-ending battle. You never, ever solve security. It’s an arms race.”

Anything else?

Zuckerberg’s own Facebook account has been the target of hackers, with one back in 2011 accessing the CEO’s status page and posting the message, “Let the hacking begin.”

But also on Friday, a professional Taiwanese hacker, Chang Chi-yuan, announced he was abandoning his plans to livestream an attempt at hijacking Zuckerberg’s account this Sunday.

Chang finds bugs and gets paid for reporting them, but his declaration of his intent to take over Zuckerberg’s account gained worldwide attention when Bloomberg reported his announcement on Wednesday.

Then the indie hacker got cold feet.

“I am canceling my live feed, I have reported the bug to Facebook, and I will show proof when I get bounty from Facebook,” he told Bloomberg. “There will still be a lot of people questioning my ability even after I find many bugs and earn a copious amount of bounty, and I shouldn’t try to prove myself by toying with Zuck’s account.”