Facebook Security Breach Allowed Hackers to Control the Accounts of Up to 50 Million Users
Facebook discovered a security issue that allowed hackers to access information that could have let them take over as many as around 50 million accounts, the company announced on Friday.
The company said in a blog post its engineering team found attackers had found a weakness in Facebook’s code regarding its “View As” feature on Tuesday. “View As” lets users see what their profile looks like to other users on the platform. This vulnerability also allowed the hackers to get access tokens – digital keys which let people stay logged into the service without having to re-enter their password – which could be used to control other people’s accounts.
Almost 50 million accounts were affected, and had their access tokens reset. Facebook also reset an additional 40 million accounts as a precautionary measure, for a total of 90 million accounts. This will require these users to re-enter their password when they return to Facebook or access an app that uses Facebook Login. They will also receive a notification at the top of their News Feed explaining what happened.
In addition, the company suspended the “View As” feature while it reviews its security, fixed the issue, and has notified law enforcement.
Facebook said it has just begun its investigation, and has not determined if any information was abused. It does not know who orchestrated the hack or where the person or persons are based. The company said there is no need to change passwords, and if additional accounts are affected, it will immediate reset that user’s access token.