Facebook in Trouble Again, Data Breach the Size of 50 Million
Facebook has informed users of a huge data breach impacting more than 50 million people. The breach took place three days earlier, on 25th of September. The social media company has denied any knowledge of what type of information has been compromised. It has admitted in an updated statement released yesterday that the hack impacted those who use Facebook as a tool to log into other accounts.
Users affected by the breach were logged out of their Facebook account yesterday. The entity has informed that it would also alert the affected people in a message on top of their news feed regarding the breach. Facebook has also logged out users who have used the ‘View As’ as a “precautionary measure”. According to the social network platform, 40 million people or more will need to log back into their accounts.
Out of the 50 million affected users, a good number could be Indians as well. Facebook has already been having trouble in the vast Indian market owing to the recent Cambridge Analytica data-breach scandal, for which, CBI’s preliminary enquiry is still in progress. The social media platform has also been facing flak in India as the platform has often been used to spread fake news.
Experts are saying the upshot could be extensive since apart from Facebook, hackers could have gained access to accounts that are logged into via Facebook. In India, Facebook’s single sign-on feature lets users connect to third party apps that include Swiggy, Zomato, BigBasket, Hotstar, Tinder, Nykaa, SonyLIV, RentoMojo, FreshMenu, Chai Point, Quora, Snapchat, HealthifyMe, and Dominos, and many others. Users are able to login to these apps just by logging into Facebook. They do not have to create a unique profile for each app.
According to the Statista website, the social network platform has garnered around 270 million users in India by the end of July. While it remains an uncertainty as to what kind of data was hacked, there is a good chance that many of the affected accounts are from India.
Facebook has recently announced the appointment of Ajit Mohan as its India vice-president and managing director. Mohan, who was Hotstar’s former chief executive, was chosen after the post of Facebook’s India head had remained vacant for a year. Mohan might have a lot of work coming his way in the coming year.
According to reports, the breach resulted from attackers finding a vulnerability in the code of the feature called ‘View As’. This feature allows users to see how other users view their profile. The vulnerability enabled the attackers to steal Facebook access tokens, which are the equivalent of a digital key, which then gave them access to user accounts. Facebook has now secured the vulnerability and started an investigation.
ET quoted cybersecurity and privacy researcher Dr Lukasz Olejnik, who warned that the impact could be wider. “There is a potential risk of a second tier leak… It is too early to reason about the extent of any possible leaks but access tokens, in principle, allow total control over user accounts, possibly also involving third party apps where the user has been logged via Facebook login.”