50 Million Users Hit by Facebook Hack: Everything You Need to Know

Social media giant Facebook said on Friday, 28 September, that 50 million (5 crore) of its user accounts have been affected by a security breach. CEO Mark Zuckerberg’s account was among those compromised, reported AP.

The company says hackers exploited the "View As" feature on the service. Facebook says it has taken steps to fix the security problem and alerted law enforcement. In order to keep users accounts from getting exposed, Facebook decided to log-off over 90 million of its users, asking them to login again, without needing to change the password.

But what brought about this hack and what triggered this unexpected mishap at Facebook’s end? Here’s everything you need to know.

If you were one of the 50 million users to have their Facebook accounts logged out (mobile app), then chances are your account was affected during the hack. According to Facebook, they started noticing a spike in user activity from 16 September and noticed the possible breach on 25 September. Some users across the globe, including some in India have been informed about this incident and this is what Facebook is notifying them with.

The mishap was caused by one of Facebook’s features called "View As" that apparently had some bug, which was easy to bypass for the hackers. It’s worth knowing that even Mark Zuckerberg’s account was part of the list affected by this breach.

According to Facebook, the “View As” feature lets users see his/her profile the way other users on the platform can see it. This is similar to how LinkedIN lets you access a personal as well public viewing of a user’s profile.

The social networking giant, since the breach, confirmed that the View As feature has been taken down for users and claims to have fixed the issue that caused the hackers to access users’ profiles.

As notified by Facebook, the breach was made possible by three separate bugs in the feature, which allowed the hackers to access user tokens. User tokens are digital keys that allows users to stay logged in to their Facebook accounts without having to re-enter the password.

The biggest worry with the hack is that it has been more than few days now and Facebook is yet to determine the extent of the breach. It still has to figure out what the hackers might do with the user information and what all they have accessed till date. It also doesn’t know who’s behind the hack (surely not the Russians).

Users in the United States and various parts of Europe are broadly covered under the data protection right, with the General Data Protection Regulation (GDPR) at the forefront of the matter.

Having said that, markets like India, still devoid of a structured data protection policy could flounder with events like this, with nobody likely to be held legally liable for such mishaps. For your own safety, it’s better to apply a two-factor authentication for all logins, ensuring you aren’t directly hit by any breach of the platform.

After the Cambridge Analytica episode, the hack of 50 million accounts (Facebook has close to 2.3 billion active users), is the latest to hit Facebook and these events are becoming relentless by the day.