The Facebook hack affecting 50 million people also let the attackers access users' Tinder, Spotify, and Instagram accounts
Photo by Chip Somodevilla/Getty Images
- Facebook got hacked, it revealed on Friday - and 50 million users' accounts were compromised.
- What's more, if the victims logged into other services - like Tinder, Instagram, or Spotify - with their Facebook accounts, those might be affected to.
- It's not clear whether the attackers did this, but the possibility may force companies that rely on Facebook's login system to launch their own investigations.
- Facebook CEO Mark Zuckerberg was among the 50 million affected users.
Life just got worse for the 50 million people caught up in what may be the biggest hack of Facebook ever.On Friday, the Silicon Valley tech firm revealed that it had detected a security breach in which an as-yet unknown attacker, or attackers, managed to gain access to tens of millions of users' accounts by exploiting vulnerabilities in its software.
Instagram, which is owned by Facebook, may also have been affected.The revelation drastically widens the potential impact of the hack, putting people's private data elsewhere across the web at risk. It may force the numerous major companies and startups reliant on Facebook's login service to audit their own systems for evidence of malicious activity as a result.
Tinder, Airbnb, and Spotify - perhaps three of the highest-profile tech companies to use Facebook's login service - did not immediately respond to Business Insider's request for comment.So what happened? In short, the attackers found a way to trick Facebook into issuing them "access tokens" - basically, digital keys - that let them access other users' accounts as if they were that user. After spotting some unusual activity earlier this month, Facebook realized what was going on on Tuesday evening and subsequently revoked these access tokens before disclosing the hack publicly on Friday - though not before 50 million people were affected.These access keys also let the attackers theoretically access any other services that someone used Facebook's login service to log in to, whether that's dating app Tinder, or a niche smartphone game, and gain access to highly personal information.
It's not clear whether this has actually occurred - when asked, a Facebook exec said only that the company was early in its investigation - but the possibility may force the other companies to undertake their own investigations into the issue.
It's also not yet clear who is behind the attack on Facebook, or whether the attacks were targeted, and the reason behind it. Facebook has now patched the vulnerabilities and revoked the compromised access tokens, forcing affected users to log back in (though their passwords haven't been compromised, the company says) and notifying them about the issue.But there are at least two high-profile victims of the hack that we know about: Facebook CEO Mark Zuckerberg, and COO Sheryl Sandberg. A spokesperson confirmed that the company's two top execs were both among the tens of millions of users affected.
Do you work at Facebook? Got a tip? Contact this reporter via Signal or WhatsApp at +1 (650) 636-6268 using a non-work phone, email at email@example.com, WeChat at robaeprice, or Twitter DM at @robaeprice. (PR pitches by email only, please.) You can also contact Business Insider securely via SecureDrop.
- Leaked Andreessen Horowitz data reveals how much Silicon Valley startup execs really get paid, from CEOs to Sales VPs
- Facebook is walking a tricky tightrope with its big bet on the next frontier in human interaction, and the future of the company could be at stake
- There's a history of clashes hidden behind the Instagram and Facebook success story that led to Monday's bombshell breakup
- Compound Interest Waiver Scheme applies to everyone but provides limited relief — Here’s everything you need to know
- Best budget truly wireless earbuds in India
- India is the most attractive emerging market for clean energy investment, says Prime Minister Modi
- Tata Motors may report loss for yet another quarter led by weak JLR sales, commercial vehicles’ pain
- Supreme Court jumps in for Amazon and Flipkart after Karnataka High Court remains mum on investigation against their anti-competitive practices for over 200 days