50 millions, this is no longer an impressing number these days (sarcasm)

Most of them were probably bots..

FB shares drop 3%

Given that they're worth over $400B, I wonder how much value could have been 'acquired' if that 50M had been in the billions? I suppose a chunk of the value is in how people interact in the site, or across the web where FB can see them.

Kind of to be expected from a company whose slogan is, "Done is better than perfect."

Since it allowed attackers to take over other people's accounts and it is still unknown whether or how they might have used the data that made available, it is anyone's guess what kind of changes may result on the part of users.

The biggest mistake a user can make nowadays is use their Facebook login credentials to sign in to other services or apps.

Ideally, never use the same username/password for more than one site. And never allow any browser to store your passwords.

All your username/passwords should be unique and change them each every 90 days. Write them down on a piece of paper, put it in a mayonaise jar and bury it in a 6' hole in your backyard at midnight (not during a full moon.)

Pinterest insists that you ( in order for you to see what stolen images of yours are there ) create an account, and places a grey "modal" over the page that you land on with log in with facebook and login with google "ultra prominent"..the far safer and less "snoopy" create an account and log in options, are far smaller , almost ( but not quite ) hidden on the page..

[edited by: not2easy at 1:32 pm (utc) on Sep 29, 2018]
[edit reason] topic drift [/edit]

While the breach is egregious and underlines a critical lack of security consideration and oversight on the part of FB it is not surprising. It is pretty much business as usual for FB and most other enterprise sites/platforms.

What jumped immediately to my mind were
(1) the value of an automated data mining crawl of those accounts and the sites that can be logged in via FB - will be interesting to follow what does or doesn't show up as available
in the dark underbelly.

(2) the vulnerability of the FB abused 2-factor phone numbers. And a couple other vectors. Cleanup of access vulnerabilities may not be as simple and straightforward as they think.

As the Web Churns is such an over the top soap opera it makes culebrones/telenovelas look bland.

It does provide lots of opportunities to indulge in popcorn though!

It's the first breach since the GDPR was enforced (some accounts belong to EU citizens)... so the EU should address this according to the new GDPR rules, and sanctions.

When you're talking about significant data breaches, such as this, the E.U. will investigate.

Ireland’s Data Protection Commission, which is Facebook’s lead privacy regulator in Europe, said Saturday that it has demanded more information from the company about the nature and scale of the breach, including which EU residents might be affected.

[wsj.com...]

Users have to take responsibility, too, and it's not just down to "the state" to deal with these. Very slowly, users are waking up to the fact that using one system to link through to other services is not a good idea. They can also vote with their feet.

One day, Facebook will show declining stats, and not just because of breaches, but because of "trust" or lack of trust.
I've already seen people I know that have closed their accounts, some citing trust issues, some citing the time-suck element of social media.

The number of potentially affected EU accounts is less than 10% of the 50 million accounts in total potentially affected by the security breach.

[twitter.com...]

It still represents ~5 millions EU users.

Facebook publishes and update on the data breach, and it's clear that this is probably being taken much more seriously, especially following the Cambridge Analytica debacle. To Facebook, credibility is on the line.

We have now analyzed our logs for all third-party apps installed or logged in during the attack we discovered last week. That investigation has so far found no evidence that the attackers accessed any apps using Facebook Login.

Any developer using our official Facebook SDKs — and all those that have regularly checked the validity of their users’ access tokens – were automatically protected when we reset people’s access tokens. However, out of an abundance of caution, as some developers may not use our SDKs — or regularly check whether Facebook access tokens are valid — we’re building a tool to enable developers to manually identify the users of their apps who may have been affected, so that they can log them out.

This is a good reason to use official SDKs to help protect the services.

It is bigger than FB has let on. In the last week I have seen so many FB accounts hacked it isn't funny. Even my wife said if you get an private message from someone don't open it. I asked her why, she said look at mine they were all hacked. She had a screen full of them. Bet it ends up 10 times the number FB has reported maybe more than that.

There is a recent viral hoax of "fake" warnings from people on your Friends List who claim they received a new Friend Request from your account. There is an official FB warning at the top of the Newsfeed but the warnings hoax is widespread and growing.

If you got one of those messages, there are a couple of things you can do: First, check on your friend’s account and make sure it’s not a clone of their real account (if you search their name and find two completely identical accounts, that’s a pretty good sign that one is a clone). And if you were messaged by a “clone” of your friend, then report [facebook.com] that account to Facebook -- cloned accounts violate Facebook’s Community Standards.

Viral type alarming warning hoaxes are up since this news came out.

Update time because FaceBook says [newsroom.fb.com] they have now completed their investigations into what data was accessed and will be notifying users whose private information was found to have been accessed. They have not ruled out smaller scale attacks, so there may be more to report, but the findings from this initial stage after closing the loophole are available now.

From their report on the 30 million people whose data is known to have been accessed:

For 15 million people, attackers accessed two sets of information – name and contact details (phone number, email, or both, depending on what people had on their profiles). For 14 million people, the attackers accessed the same two sets of information, as well as other details people had on their profiles. This included username, gender, locale/language, relationship status, religion, hometown, self-reported current city, birthdate, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or Pages they follow, and the 15 most recent searches.

And if you were messaged by a “clone” of your friend, then report that account to Facebook -- cloned accounts violate Facebook’s Community Standards

There is another bot (or the same one) messaging everyone with an exact match message saying the other profile is fake and if you get a message from them, report it.

So the clone is trying to kill off the original. I've received 3 of those.

Supposedly there is a FB page to check if your username/password are among those breached.

Apparently, this is "only" 29 millions account.

[abcnews.go.com...]

The number has been further downgraded to "14 millions" and the FBI is investigating and asked FB to NOT reveal what they have learned. So, the question now is were these state actors, more merely criminal types? We already know they were rude.

Sadly, closed my FB account last month, so that means what little I ever let FB have might have been picked up in this event ... and since I am no longer on the product might never know what they might let me know. :)

Oh, well... life goes on.

...what little I ever let FB have...

Well that's the FB ruse, that they let you control how much personal info you disclose.

They, Facebook themselves, collect much more info on you than you agree to. It's been discovered that FB had your search history, home address, phone numbers, browsing history, etc that 3rd parties got their hands on for some users.