Searching for smart, safe news you can TRUST?

Support safe, smart, REAL journalism. Sign up for our Axios AM & PM newsletters and get smarter, faster.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Searching for smart, safe news you can TRUST?

Support safe, smart, REAL journalism. Sign up for our Axios AM & PM newsletters and get smarter, faster.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Denver news in your inbox

Catch up on the most important stories affecting your hometown with Axios Denver

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Des Moines news in your inbox

Catch up on the most important stories affecting your hometown with Axios Des Moines

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Minneapolis-St. Paul news in your inbox

Catch up on the most important stories affecting your hometown with Axios Minneapolis-St. Paul

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Tampa-St. Petersburg news in your inbox

Catch up on the most important stories affecting your hometown with Axios Tampa-St. Petersburg

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Photo: Zach Gibson/Getty Images

Facebook crossed into new territory on Friday as it publicly disclosed a massive security breach that gave away the keys to as many as 50 million Facebook user accounts — just months after CEO Mark Zuckerberg said such an event had never occurred on its platform.

Why it matters: The Cambridge Analytica scandal was about gaming Facebook’s systems to scrape user data. This is something different: what looks like the biggest intrusion taking advantage of flaws in Facebook’s code since the social network was created on Harvard’s campus in 2004.

Flashback: At a Senate hearing earlier this year, Sen. Cory Gardner asked Zuckerberg if Facebook had ever been hacked.

Gardner: "Have those hacks ever accessed user data?"
Zuckerberg: "I don't believe so."

That changed midday Friday, when Facebook staffers disclosed in a hastily-assembled call with reporters that bugs had allowed hackers to obtain "access tokens" — which would let them effectively take over an account — for 50 million accounts.

  • Another 40 million users saw their accounts flagged because they had been subject to an internal lookup used in the hack.
  • Facebook says it doesn't know yet whether or how the access tokens were used, but if they were used, they provided full access to the account and its data.
  • The bugs have been in place since July 2017, and Facebook says it won't know more about the timing of the activity until it completes an internal investigation.

It became clear later on Friday that the breach would have an impact beyond Facebook. On a second press call, the company revealed that if a user's account was compromised, the same access would be available to any other services a user accessed by logging in with Facebook.

  • A wide variety of popular apps — including Tinder and Spotify — allow users to log in with a Facebook account.
  • Facebook said it had reached out to major third-party apps that let users log in with Facebook accounts about the breach.

The other coast: Policymakers called for investigations into the breach.

  • “I’m alarmed by today’s news of another breach," said Democratic Federal Trade Commission member Rohit Chopra. "The cost of inaction is growing and we need answers.”
  • The agency, which is controlled by a Republican majority, declined to comment.
  • Democratic lawmakers also called for some kind of investigation.

The bottom line: Millions of Facebook users are learning that someone, for an undetermined amount of time, was able to see everything they see when they log into Facebook, and potentially other services, too. That's uncharted ground for the social network.

Go deeper

America's Chinese communities struggle with online disinformation

Illustration: Annelise Capossela/Axios

Disinformation has proliferated on Chinese-language websites and platforms like WeChat that are popular with Chinese speakers in the U.S., just as it has on English-language websites.

Why it matters: There are fewer fact-checking sites and other sources of reliable information in Chinese, making it even harder to push back against disinformation.

Pennsylvania certifies Biden's victory

Photo: Aimee Dilger/SOPA Images/LightRocket via Getty Images

Pennsylvania officials on Tuesday certified the state's presidential election results, making President-elect Joe Biden's win in the key battleground official.

Why it matters: The move deals another blow to President Trump's failed efforts to block certification in key swing states that he lost to Biden. It also comes one day after officials voted to certify Biden's victory in Michigan.

Get Axios AM in your inbox

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!