Facebook discloses security breach affecting 50 million users

With all these $billions Facebook makes every year, can't they afford a good internet locksmith to prevent intruders?

To all those still using your FB acct to log in to many of your other accounts... please stop. That's just stupid on steroids.

Been programming computers since I was 14.

I find it cute when you tell me to "get educated".

Facebook will only sell the information you opted to provide yourself. There's no mechanisms whatsoever to "steal" anything from you. The problem, the real problem, are people with a "show-off" mentality exposing every single details about their private life, can't really blame a marketing network to exploit general public stupidity.

It's absurdly simple to keep private life private whilst keep using marketing networks disguised as "social media". Btw AdBlock software is very easy to install and configure.

So glad I deactivated my Facebook account. I mean, Facebook has been a sinking ship for years, and this is just further proof that people seriously need to abandon ship and swim to shore. The Facebook team doesn't care about its users. It just cares about bringing in the bling-bling through spamming adverts and selling user data on the sly. They hve far more than enough money to prevent these data breaches from ever happening, but that costs money, and Facebook wants to hold onto as much of that as possible.

It doesn't matter whether you have a facebook account or not, but if one of your friends, contacts, etc has your number and name, and if they shared that with Facebook either purposely or accidentally then you are impacted. Your mobile phone number identifies you as an individual and is used to provide targeted advertising information, "etc" based upon other details harvested from your friends account's interactions - potentially also with you, and your own personal interactions with other Companies willing simply to share phone number but not name data to Facebook.... or simply ip address, when all put together in a central nexus you can build up a lot of information about an individual.

Welcome to the Real world - George Orwell and Mark Zuckerberg will probably end up being mentioned often in the same texts in future along with various Government spying agencies that we haven't yet even heard about. Time will tell.

And. Various Internet Companies, are attempting to ensure that they have your bonafide mobile number associated with your email account ... why ? Who's getting a cut out of the information sharing, and from which facebook appears to be tapping into. Microsoft will soon become a focus upon attention here as they try to enforce this.

Ever seen those Login with Facebook account prompts on your web page... if you have done that, then you are impacted. So, good luck.... and now, just for your information, there's also talk that these hackers have also obtained access to those 3rd party account sources too. Various Governments may be a bit concerned too if that is true... tax offices, could soon be inundated with "my account was hacked, excuses"..... this therefore becomes a huge issue, making the ending to that film "Fight Club" seem like a mere blip, though perhaps more we are trending towards the prophecy of a more recent, TV Series - "Mr Robot".....

This interconnectivity of weak-points in a complex security chain breaks a lot of misconceptions and we will soon find a lot of people rushing around with red faces trying to explain how they missed this. And all those people with Facebook accounts will begin to wonder WTF. So wrt internet usage, I think it's probably safer being in China as at least the Government has purportedly control and everyone knows that, and if you mess with it, then you end up getting sorted out - maybe its time to make the internet less free/wild-wild-west like and more controlled ? Especially if we're going to build reliance of key systems upon it.

Finally, Relevant to Japan, I currently do not know why the Japanese Government is not jumping up and down on this one with their strict PIPA laws - as by not doing so, those Laws become questionable as too the Officers that are supposed to enforce them.

Bail on Facebook before its to late!

Some comments here are funny; people been watching too much Hollywood movies about hackers and visiting too many conspiracy theory hyped websites.

No reports of hijacked profiles, no reports of direct messages being leaked (or threats of such action).

I’d wager that Facebook detected this and shut it down before anyone could actually do anything.

Facebook is built on php 

While they do still have PHP remnants in their stack, it’s misleading to suggest that it’s a core part these days.

there's also talk that these hackers have also obtained access to those 3rd party account sources too

Using revoked tokens? Yeah, good luck with that... anything not already taken or used is worthless without working credentials.

Scary. People think that internet gave them more freedom, while the actual scenario is closer to Orwell 1984.

How does a facebook data breach equate to the internet being like 1984?

I think you’re confusing what has happened here - there is no connection to Facebook doing anything shady.

But it I do agree with the point you are making about PII. Europe’s GDPR is probably the biggest legal improvement in human rights since the internet began. I expect at least some of the Facebook users affected are European based which is why they have had to announce this so quickly (even before the full internal investigation is completed)

Penalize Facebook.

Let's be clearer. THE specific issue in this article is common in the industry. There wasn't any malicious intent by FB. Complex code is difficult to fully understand, especially when different teams working on different areas (login vs video vs View-As) are involved.

I have no issue with people choosing to use facebook and input all their information, public and private, if they like. That is their choice.

I do have an issue with facebook gathering and capturing data for people who specifically choose NOT to be part of it. Same for all cloudy webapps or smartphone apps. If someone doesn't sign up or proactively agree to have their data captured, it is wrong, if not illegal, to capture that data. Is it more wrong to use it in any way.

*I directed the ad to display to a Facebook account connected to the landline number for Alan Mislove's office, a number Mislove has never provided to Facebook. He saw the ad within hours*.

Ref: https://gizmodo.com/facebook-is-giving-advertisers-access-to-your-shadow-co-1828476051

I'm so glad I never got a Facebook account, even though JT suggests "Use your Facebook account to login," lol

Attend any Black Hat or DefCon conference and get educated. In Japan, look for the #DCG893 group.

Scary. People think that internet gave them more freedom, while the actual scenario is closer to Orwell 1984.

It isn't just facebook. All free cloudy services have this issue. Twitter, insta-whatever, google-whatever anything with free storage or free interactions. All those "free" games? They are making money by selling your private data and not just the amount of time you spend playing. The game is just a way to get their code onto your device. From there the tracking begins.

Those IoT devices have lots of access to your home network and leak information too. Many have huge security flaws that allow external access. Home cameras, children's toys, smart-TVs, thermostats, door locks, anything that needs the internet to work should be suspect.

The voice activated devices are constantly listening to your conversations, sending them to internet servers to be converted from speech into text commands. What happens to all that text? What about the non-command things heard? Consumers have zero control over what happens to it.

People saying to relax and not worry have some interest in continued "follow the sheep" behavior/use of these things. Zuckerburg says to trust facebook and that they take security very seriously. Internet security it hard, especially when the business has to be available to the world. But facebook isn't all bad. They won a ruling against the FBI trying to force access to WhatsApp encrypted communications this week. The FBI wanted facebook to alter their code to make wiretaps possible. https://www.schneier.com/blog/archives/2016/03/possible_govern.html and https://www.reuters.com/article/us-facebook-encryption-exclusive/exclusive-u-s-government-seeks-facebook-help-to-wiretap-messenger-sources-idUSKBN1L226D The court ruled that facebook didn't need to comply. Because the case is not public, we only know the results, not the court's reasoning.

If you aren't paying for a service, then you are the product being sold. But with some devices it is better to get you to pay AND sell your data (smart TVs, Alexa-powered devices, Google-home devices).

Be careful out there. Please.

Making incorrect claims in the face of documented proof to the contrary doesn't display vast intelligence of the subject.

https://www.fastcompany.com/90243244/facebook-could-be-breaking-eu-law-by-using-shadow-data-for-ads

Facebook previously denied that contact information from users’ “shadow profiles” could be used to target ads, then confirmed that it was possible after hearing of Hill’s experiment with Mislove, she wrote.

How does a facebook data breach equate to the internet being like 1984?

It doesn't when you provide the data.

It does when they take the data from people who never signed up and sell it to anyone with a checkbook, including Govts.

Facebook has been selling data from people who never signed up and they've been stealing data from our contacts to fill in the gaps for these "shadow accounts." For example, a security researcher was able to prove that Facebook had created a shadow account which tied to a burner phone that was only known to one contact. Another person paid Facebook for a single-person ad, which was displayed in less than 4 hours to the correct person. That level of targeting cannot be allowed.

Facebook is built on php which has a host of large security problems. Over the years, they've moved to a different version of php, but the language still has design and security flaws. BTW, wordpress is also using php and there are over 2,000,000 wordpress sites running today which have been hacked. Php sites are hacked at 2x the rate of the next most hacked languages.