Facebook's 50 Million Users Got Hacked, What Happened?

On Friday, hackers gained access to nearly milions of Facebook accounts by taking advantge of vulnerabilities in the social network's software.

The accounts which have been stolen include the Facebook accounts of Mark Zuckerberg, the CEO of the Silicon Valley tech firm, and COO Sheryl Sandberg. A spokesperson confirmed that they were both among the tens of millions of users affected.

At the second conference, Facebook announced one of the most serious parts of the attack: The hackers can not only obtain the access to users' Facebook accounts, they could also connect with apps like Tinder, Spotify, Instagram and Airbnb.

The attack's influential scale has been broadened by the revealation and users' data on the web is at risk. This attack also forces the related businesses that are reliant on Facebook’s login to check their own system to search for any dangerous action.

There were no comment from the top three tech companies which use login service from Facebook, namely Spotify, Tinder and airbnb.

You surely want to know how this happened. The hackers managed to get Facebook to issue them digital keys, called "acess tokens", which help them get access to users account and take control as if they were the real users. Erlier this month, on Tuesday evening, Facebook discovered the hack as it spotted several abnormal activities. Facebook revoked the issued access tokens then announced the attack to public on Friday; however, that was after 50 million victims were affected.

The hackers used these digital keys to access any other services that use Facebook’s login service, from Tinder to smartphone game, which resulting in user’s highly private information stolen.

There's no certainty that the follow-up incident happened as a executive of Facebook only stated they were investigating. Yet, the risk may cause other companies to conduct their own check-ups.

Facebook does not know either the identity of the attackers, or if their motivation. The vulnerabilities have been fixed and the stolen tokens has been revoked, which forced users to log back in without password changed and inform users of the incident.