Facebook suffered an attack on its computer network that affected 50 million people. The social network logged out 90 million users, forcing them to log in again, but it still doesn’t know if there was a data leak. Hackers used a flaw that allowed them to take control of the profile of others.
In a statement, Facebook explains that hackers used a vulnerability in the “See how” code to see how your profile will be displayed to others. This allowed them to steal access tokens and then take control of the accounts. Tokens “keep people logged in so they don’t have to re-enter their password,” explains the company.
Therefore, Facebook reset the tokens of 50 million accounts that were affected by the failure. In addition, as a precaution, the social network canceled the tokens of over 40 million people who, in some way, were involved in the “See how” feature.
In total, 90 million people have been affected, and will have to log in again. They will see a notice at the top of the news feed explaining what happened.
Facebook says it does not know the origin or identity of the hackers, and is in the early stages of investigation. The company discovered the flaw last Tuesday (25), fixed the vulnerability, and contacted the authorities. For now, she doesn’t know if there was a data leak.
The “See how” feature has been temporarily disabled until Facebook completes a security review.
Facebook disconnects users after being hacked
Since Thursday (27) at night, several users have been logged out of Facebook and Messenger, and need to log in again. Some report that they do not receive the SMS code for two-factor authentication; others are faced with a news feed full of old posts.
THE Down Detector gathers complaints about services like Facebook, and the number of complaints has peaked in the past 24 hours. 61% of users report having login problems. A map shows that Brazil is among the affected regions, as well as the USA and Europe.
And there are strange problems, suggesting that Facebook is restoring old backups of your data. “Facebook logged me out, said my session had expired,” says a user at Down Detector. “When I logged in again, I saw a profile photo from years ago and a totally different feed.”
Complaints have been building up on twitter. Some users say they were suddenly logged out, but managed to get back to Facebook. Others report that they have been released more than once.
There are still cases where the login does not work. “I can’t log in to my account,” explains a user at Down Detector. “It says my password is incorrect, but it won’t let me recover it or reset it.”
Others are unable to receive the code for two-factor authentication. “It requires that I log in with a code sent to my cell phone, but I didn’t receive it”, reports a user at Down Detector. “I can’t access the code to log in. Your text messaging system isn’t working, ”says Carrie Black on twitter.
Have you been logged out of Facebook? Did you have trouble signing in again?
– Tita Makibaka?? (@TitaMakibaka) September 28, 2018
FaceBook… It logged me out, and will not let me back in. Does not recognize my password, says I entered the recovery code too many times, even after 1 try. It gives me giant error message. now, they do not answer! pic.twitter.com/9yzcFD037C
– Ani Ashford, Awenglow (@awenglow) September 28, 2018
Oh thank god. Yeah it won’t log me in and I tried to reset my password and it says my account doesn’t exist pic.twitter.com/nQ9wf1noWV
– Lo (@ artschool86) September 28, 2018
Facebook logged me out and turned on two factor authentication but no texts came to my phone. I finally got in on a pc by asking for a call (same number). If 2f worked I would leave it on, but since it doesn’t work I had to turn it off #facebookdown
– Pamela Mack (@pammack) September 28, 2018
Updated at 2:30 pm