Facebook Hack Affects 50 Million Users; Company Faces Class-action Lawsuit

Facebook’s troubles are far from over. The social media giant already attracted a ton of controversy for the Cambridge Analytica scandal and fake news propagation, but it has revealed today that a security loophole could’ve exposed the data of around 50 million users to hackers or malicious actors.

The Security Issue

Through an official blog post, Facebook has revealed that it has discovered a potentially serious security flaw in the implementation of the user-facing ‘View As’ feature that allows you to see your profile as it may appear to others or the general public.

Our investigation is still in its early stages. But it’s clear that attackers exploited a vulnerability in Facebook’s code that impacted “View As” a feature that lets people see what their own profile looks like to someone else.

The gravity of the security issue may have not hit you hard right now, but Facebook looks quite alarmed. It has found that the loophole may have been introduced back in July 2017 via the addition of a new video player and hackers may have been able to get their hands on the ‘access tokens’ (digital login information) of up to 50 million profiles.

A new version of our video uploader (the interface that would be presented as a result of the first bug), introduced in July 2017, incorrectly generated an access token that had the permissions of the Facebook mobile app.

Facebook further adds that it isn’t an engineering error and that an exploit has been found and used by some third-party hacker or malicious actor. The social media giant was made aware of the hack on 25th September, over 2 years post the vulnerability may have been introduced on the platform.

Facebook took Action!

The social media giant, in its blog post, said that it has patched up the security issue and informed the necessary law enforcement agency of the same. It has also taken steps to ensure the safety of its humongous userbase and is forcing them to relogin into their accounts.

Facebook reset the ‘access tokens’ of those affected, as well as some additional users.

Facebook is making up to affected 50 million users log back into their account to ensure their safety. So, if you’ve been asked to log back in then your data might be among the ones whose data could’ve been compromised. The social media giant is also asking 40 million more users to re-login as they have used the ‘View As’ feature over the past couple of years.

Also, the social media giant has “temporarily disabled” this feature that allows you to preview profiles on the platform to prevent any further damage, it seems. There’s currently no mention of whether any accounts have been compromised or not.

Facebook Shares Nosedive

After Facebook disclosed the potential hack of over 50 million accounts, the company’s share prices nosedived by more than 3% right away. The shares opened near the previous closing price of $168 but it was driven down to $163 when the news came in, affecting the company’s stature once again.

Facebook Sued

As if the company admitting that its ‘View As’ feature had a security flaw and it could’ve been exploited to access up to 50 million user accounts wasn’t enough, Facebook is now also faced with a string of class-action complaints.

The lawsuit has been filed by Carla Echavarria and Derick Walker respectively in the U.S  District Court for the Northern District of California. They’ve both alleged that Facebook’s lack of security has exposed their personal info, increasing the chance of identity theft. It has further been stated that the social networking giant is involved in “unlawful business practices, deceit by concealment, negligence, and is in violation of California’s Customer Records Act.”

Both of the plaintiffs are looking for punitive damages and reward penalties, along with attorney fees or expenses, for themselves and other class members. Well, it seems like Facebook was already having a bad year and this security update made it worse. So, are you likely to stop using Facebook after this or not? Let us know in the comments below.