Facebook Says Hackers Accessed Information Of 50 Million Users In Latest Data Breach

Sep 28, 2018
Originally published on September 28, 2018 7:28 pm
Copyright 2018 NPR. To see more, visit http://www.npr.org/.

AUDIE CORNISH, HOST:

We learned today that Facebook has had a new security breach, and the company says it affects almost 50 million accounts. As a precaution, Facebook is logging off those accounts and about 40 million more. The company says no passwords were stolen, but NPR's Alina Selyukh reports the full scope of the attack is unclear.

ALINA SELYUKH, BYLINE: Facebook says hackers exploited three separate security gaps to gain access to the code that allowed them to take over millions of user accounts. The security gaps came together in the feature called View As which allows users to see how their profile page looks to someone else. The hackers were able to get what's called access tokens. These are digital keys that, for example, let you stay logged in on the Facebook app without having to re-enter your password. The most important thing that we don't know is to what extent the hackers actually used their access to the accounts. Here's Facebook CEO Mark Zuckerberg.

(SOUNDBITE OF ARCHIVED RECORDING)

MARK ZUCKERBERG: The investigation is still very early. So we do not yet know if any of the accounts were actually misused.

SELYUKH: Zuckerberg said so far, the company has not found evidence that hackers had access to any private messages or posted to any accounts, though he added that this could change as the investigation continues. Here's Guy Rosen, Facebook's executive who oversees safety and security.

(SOUNDBITE OF ARCHIVED RECORDING)

GUY ROSEN: We haven't yet been able to determine if there's specific targeting. It does seem broad. And we don't yet know who is behind these attacks or where they might be based.

SELYUKH: Zuckerberg pointed out several times how quickly his team acted given frequent accusations that Facebook moved too slowly on the Cambridge Analytica security scandal. Facebook says with this data breach, engineers discovered it on Tuesday, notified the FBI on Wednesday, made fixes on Thursday and notified the public today.

(SOUNDBITE OF ARCHIVED RECORDING)

ZUCKERBERG: It definitely is an issue that this happened in the first place.

SELYUKH: On the call, reporters posed one question to Zuckerberg several times in different ways. Why should people keep trusting Facebook? Zuckerberg seemed to search for an answer before resorting to one of his regular phrases.

(SOUNDBITE OF ARCHIVED RECORDING)

ZUCKERBERG: Security is a bit of - it's an arms race.

SELYUKH: He said the breach underscored how constant the hack attacks are and, without addressing the trust issue directly, said Facebook's security teams were working very hard.

(SOUNDBITE OF ARCHIVED RECORDING)

ZUCKERBERG: This is going to be an ongoing effort. And we're going to need to keep on focusing on this over time.

SELYUKH: The same can be said about Facebook's ongoing challenge of convincing federal and state officials that it's not too big to secure the personal data of millions and millions of users. Alina Selyukh, NPR News. Transcript provided by NPR, Copyright NPR.