Facebook has logged 50 million users out of their compromised accounts today, along with 40 million more as a precaution, and frankly you might want to just not bother logging back in again. This latest forced detox from the increasingly controversial social network comes as Facebook admits a security glitch in one of its profile privacy features could’ve allowed hackers to gain access to the accounts of millions.
The irony that it’s the “View As” tool – specifically designed to give users more visibility as to what exactly they’re sharing and who can see it – which was compromised by attackers is, I suspect, something Facebook engineers aren’t quite ready to laugh about yet. The social network itself was responsible for the loophole, inadvertently creating it last year with changes to its video upload system. Now it’s been fixed, and an investigation begun, but the damage may already be done.
For Facebook users, the first signs of something amiss will probably be when you try to access the social network today. Facebook has reset the access tokens – the way by which you’re “remembered” by the site on a device, and thus don’t have to log in every time – of 90 million people, and so they’re going to have to scratch their heads and try to recall their password.
The promise is also that there’ll be a notification explaining what went wrong and what Facebook is doing. “After they have logged back in, people will get a notification at the top of their News Feed explaining what happened,” Guy Rosen, VP of Product Management at Facebook, said today. However, we’ve heard at least one report of someone needing to log back in and not seeing that message, though it’s unclear whether they were logged out because of this particular attack or for another reason.
Talk about bad timing…
The hack – or “security issue” as Facebook would rather describe it – couldn’t really come at a worse time for the site. A federal probe potentially including the FBI, SEC, FTC, and DOJ is reportedly underway in the US, examining how Facebook handled private data that was used by Cambridge Analytica to allegedly help sway voters in the 2016 US Presidential election. Some politicians are already calling for new regulations to be applied.
Just this week, meanwhile, it was revealed that Facebook has been using the cellphone number people signed up to two-factor authentication (2FA) with for advertising purposes. Another investigation showed just how one Facebook user could inadvertently be allowing all of their friends’ data to be tapped for adverts too.
I can’t help but think that this is all a strong hint that it might be time to cool off our relationship with Facebook. Hacks happen, certainly: wherever there’s a sizable cache of user data, there’ll be a group of people eager to get their hands on it however they can. That, though, combined with the mercenary way the site deals with information shared with advertisers, is an altogether tougher thing to stomach.