A discovery on the 25th September revealed that 50 million accounts, including Mark Zuckerberg’s own account, had been compromised in an attack on Facebook. Attackers tricked the website into handing over digital keys to individual accounts. This attack affected accounts that were used to authorise logins on services like Instagram and Spotify.
The exploit gave attackers visibility of profile information including names, dates of birth, friends and family members, as well as private photos. Facebook has so far been unable to determine where the attack originated, but the sheer impact of the data breach means that Facebook is liable to a $1.63 billion fine for violating the EU's GDPR. This fine will remain in place if it is determined that Facebook did not take appropriate steps to protect its user data and that the attack succeeded as a result of the lack of security measures.
This is not the first time Facebook has suffered a security vulnerability that had to be disclosed to the public. A previous scandal involved an issue that caused 14 million posts to be set to public without any intervention to make them so, and a further privacy concern arose over the harvesting of Facebook users' personal information by Cambridge Analytica. This breach, however, is the first instance where user accounts may have been compromised by an external party exploiting a security vulnerability.
While 90 million accounts were logged out after the breach to preserve security, we advise that you take the appropriate steps to keep your account secure. Visit your Facebook settings to see where your account is currently logged in, on each service, and log them out. Users affected by the breach may be more susceptible to targeted phishing attacks and should remain even more vigilant and aware during this time.