Facebook: Up to 90 million addicts' accounts slurped by hackers, no thanks to crappy code

Facebook confessed today that buggy code potentially exposed all of its users' accounts to hackers over the past 14 months. It reckons miscreants snooped on at least 50 million people's private profiles, and perhaps as many as 90 million. In a security note posted Friday morning, the social media giant's VP of product management …


  1. tiggity Silver badge

    Hard to avoid FB slurpage

    I'm not on FB (no surprise there)

    But difficult to stop others, who are on there, posting information about you (including images), sharing their contacts and so publishing your phone number.

    Fortunately SO is also not on FB, so has number of my second SIM, that I don't make available to general data spilling friends.

    Does not stop my "main" number getting owned by FB, but does mean I have a "private" number.

    Biggest irony is that (ex directory) landline number is private as everyone we know only has mobile number, nobody asks for (or is given) landline (bar "need to know" people such as bank, solicitor)

  2. Wolfclaw Silver badge

    I can hear the chanting in the background ... GDPR FINE ... GDPR FINE and the EU bureaucrats lining up to spend the billions!

    GDPR been waiting for the first of the big boys to royally screw up, now time for the 2-4% annual global turnover, even the mighty Zuck who knows nothing and sees the world through his rose tinted FB VR goggles, must be crapping his pants!

  3. Bruno de Florence

    It's I.T., but not as we know it, Jim.

  4. Sidney FFF

    No logout for me?

    I've certainly used the "View As" feature in the last year and wasn't logged out by Facebook.

  5. steviebuk Silver badge

    I don't...

    ....dislike Facebook itself. It's a system, it's useful for some people (family members keeping in touch with people across the world) and from a programming point of view having done a little years ago and being shit, it amazes me how complex these systems get, but I choose not to use it in the normal sense of use it.

    I used to use Friends Reunited before Facebook became so big. I hated how people from school on there were the same knobs they were in school. I also hated how narcissistic it seemed to make people. Have avoided it ever since. I now only use it when a site insists the only way you can login with them or post comments is via a Facebook account so then a dummy one gets created & used.

    I understand they should be keeping everyone's data private etc. but the service is free, people choose to use it. I bet loads of the users that currently use it would stop if it suddenly introduced a subscription model. But I guess all users do have a right to moan when Facebook is only worth what it's worth because of all its users, free or not.

    I'm surprised Zuckerberg is still even there. With all that money I'd just get out while you still can before it all comes crashing down like MySpace. And I just couldn't be arsed with the aggro. But then that's probably also why I'd never succeed in business.

    1. Wayland Bronze badge

      Re: I don't...

      "I'm surprised Zuckerberg is still even there. With all that money I'd just get out while you still can before it all comes crashing down like MySpace. And I just couldn't be arsed with the aggro. But then that's probably also why I'd never succeed in business."

      Exactly. You've gotta be a bit power hungry to want to keep doing that work.

      I think the current big boys are arranging legislation to prevent upstarts and so they can carry on with impunity no matter how crap they become.

      1. JDX Gold badge

        Re: I don't...

        I thought Zuck was a proper nerd who would be bored by all the business stuff and would sell out. But then Bill Gates was a proper nerd and he stayed for decades.

        It's easy to ascribe power hunger but I don't know either got into IT for that purpose. Perhaps they both share the same sense of genuinely caring and thinking what their companies do is important. Gates always seemed pretty passionate.

  6. JDX Gold badge

    Imagine being the one who figures it out

    Facebook spotted the hole after it noted a suspicious "spike" in user activity on Tuesday. The attack was "fairly large scale," it admitted, and when it investigated the cause, it discovered hackers were using the site's API to automate the process of grabbing users' profile information.

    I'm sure many of us have had, on a much smaller scale, an "oh crap" moment (formatting the wrong drive, etc, etc). But the process from seeing that spike to figuring out what is happening must involve a pretty substantial sinking feeling!

  7. Mattt

    Possibly exploitable before July?

    I was one of the "lucky" few who had their accounts hacked. I took a look in the "Logins and Logouts" section of the Activity Log (which is buried about 6 clicks deep) and spotted that there had been lots of logOUTs from China, Addis Ababa, Russia, Vietnam, etc. since June and possibly earlier (no data before the end of May because, GDPR). No logins from these locations at all, so I received no warnings - presumably Facebook only checks for suspicious logins (and warns if the appropriate setting is enabled) and ignores logouts altogether, so I was none the wiser.

    Has anyone else spotted the same pattern in their Facebook login/logout history? Curious to know if anyone else had this activity prior to July.


