Facebook security issue affects 50M user accounts

The ACSC is aware of a security issue affecting 50 million Facebook user accounts, in which a flaw in the 'View As' feature allowed attackers to steal Facebook access tokens that could then be used to take over users' accounts. Access tokens are the equivalent of digital keys that allow users to remain logged into Facebook.

'This attack exploited the complex interaction of multiple issues in our code. It stemmed from a change we made to our video uploading feature in July 2017, which impacted the "View As" feature', Facebook stated on their website.

Facebook say they have fixed the vulnerability and have informed law enforcement agencies.

To minimise the risk of further breaches, Facebook users should log out of any associated websites that use Facebook credentials. Users should visit the 'Security and Login' section on Facebook to make any changes.

The impact to Australian users is unknown at this stage.

Head of ACSC, Alastair MacGibbon, is reminding people to watch out for possible phishing attacks. 'Australians should keep a look out for any unusual activity from friends or family on their Facebook accounts.'

'This is a timely reminder for Australians to be constantly wary of criminals seeking to exploit their personal information online.'

The ACSC is working closely with the Privacy Commissioner to establish if Facebook has violated any terms in the Privacy Act 1988.
