What we know about Facebook's massive security breach so far

Byby Amanda del Castillo KGO logo
Saturday, September 29, 2018
What we know about Facebook's massive security breach so far
Facebook said hackers "exploited a vulnerability" in its "View As" feature, which allows people to see what their profile looks like to another user.

SAN JOSE, Calif. (KGO) -- Social media giant Facebook will have to work even harder to regain trust from its billions of users.



A massive breach was announced Friday. Facebook said hackers "exploited a vulnerability" in its "View As" feature. The feature allows people to see what their profile looks like to another user.





RELATED: Facebook says 50 million user accounts affected by security breach



"We don't know much beyond that," CNET News Executive Director Ian Sherr said. "We do know the function of how the hack worked in very basic terms, but we don't know how long the vulnerability might have existed. We don't know what it was used for by hackers. It's very messy right now."



Facebook announced it is taking action to clean up the mess.



The company's VP of Product Management Guy Rosen posted a security update this afternoon.



RELATED: Here's what Facebook is doing to address major security issue



Facebook said the company is fixing the vulnerability and informing law enforcement.



The site explains access tokens for 90 million users have also been reset. Ultimately, those users will now have to log back in to Facebook or any of their apps that use Facebook login.



Finally, the company has temporarily disabled its "View As" feature for a security review.





RELATED: Tech giants reportedly meet to talk cyber security ahead of elections



A statement released by Mark Zuckerberg included the following: "The reality is we need to continue developing new tools to prevent this from happening in the first place."



Even though the internet has been around for quite some time, "we're still in the Wild West stage, effectively," Sherr said, "There aren't really that many consumer protections out there, especially when it comes to things like this."



Surprisingly, the major breach isn't bothering everyone.



"I very infrequently post to Facebook," resident Benjamin Nunes said. "And generally when I do, it's just pictures of me and my girlfriend. So hack away, have at it!"



RELATED: Facebook faces a day of reckoning, at least on Wall Street



Others said security is an important factor to Facebook. Without it, some users are considering "logging off" for good.



"I've been wanting to just delete anyways, because it wastes too much of my time," resident Erik Ryan said. "I don't think it makes people happy. That's why I was going to do it, but here's an added incentive, I think."



However, if you plan to stay connected, you should change your password and enable two-factor authentication. This would require you to enter a second unique code sent straight to your cell phone when you login.



Lastly, on Facebook's "Security and Login" page, you can make sure only authorized devices have access to your account and you can remove the rest.



RELATED: Facebook privacy 101: Everything you need to know to delete your Facebook, check your information and more



Facebook owns Instagram, so another big question is whether the hack impacted Instagram users as well.



Sherr said it's still too early to determine how far-reaching this hack is.



The massive breach is the latest setback for the tech giant.



Earlier this year, as ABC News reported, Cambridge Analytica, a data analytics firm once employed by the Trump campaign, improperly gained access to personal data from millions of Facebook user profiles.



Then a congressional investigation found that agents from Russia and other countries have been posting fake political ads since at least 2016. In April, Zuckerberg appeared at a congressional hearing focused on Facebook's privacy practices.

Copyright © 2024 KGO-TV. All Rights Reserved.