As promised, Facebook is notifying 90 million users of an invasion of social networking systems. The notice appears at the top of the news feed, above the “Create publication” field, with a link to explain why they were disconnected.
The notice in the news feed is very generic: “Your privacy and security are important to us. We want to report on a recent action that we had to take to protect your account. ”
The link goes into more detail. “To protect your security, we may have recently signed you out of your Facebook account,” says the support article.
Facebook had to log off 50 million users because hackers stole access tokens, digital keys that could be used to control other people’s accounts. Another 40 million were disconnected just in case.
“By disconnecting people, we prevent them from using tokens to access these accounts,” explains the company. If more people are affected, they will also be disconnected and alerted to the problem.
The support article does not mention that the vulnerability was in the “See how” feature, which shows how your profile is displayed to others. It has been temporarily disabled while undergoing a security review:
Facebook does not say if there was a data leak
The hacking was discovered on September 25, and Facebook does not confirm whether there was a data leak: “we still don’t know if anyone’s information has been accessed.” The social network informed the competent authorities and continues the investigations.
Facebook says that “there is no need to change the password”, because only access tokens have been affected.
If you have been disconnected, you need to log in again. However, several people have been reporting problems: the password is not recognized, the code for two-factor authentication gives an error (or never arrives), or there is no way to publish posts.
only #Facebook thinks i am logged in but i can’t post because i opted out…
what’s broken at the moment? pic.twitter.com/QHQLewjg8t
– mc.fly (@mcflyhh) September 28, 2018
@Facebook i’ve been logged out of my account, my password isn’t working and your help center isn’t helping. Please help 😔😩
– Bekki (@bekkimistri) September 28, 2018