Another social media headache. Facebook says almost 50 million accounts were affected in a recent breach of the social network’s security.
Facebook announced the “security issue” in a press release written by VP of Product Management Guy Rosen on Friday, September 28, saying the company’s engineering team discovered the issue three days prior.
While Facebook’s investigation is ongoing, Rosen said it’s clear hackers exploited a vulnerability in the code behind Facebook’s “View As” feature, which allows users to see what their profiles look like to other users. That vulnerability exposed access tokens — the digital keys that keep people logged into Facebook — for affected accounts.
Rosen assured users that the company had fixed the vulnerability, turned off the “View As” function pending a security review, notified law enforcement and reset the access tokens of the almost 50 million affected accounts. The company also reset the access tokens of another 40 million accounts that were subject to a “View As” look-up in the last year.
Consequently, approximately 90 million Facebook users will need to log in to their accounts again, at which point they’ll get a News Feed notification about the breach.
The company is currently investigating who is behind the attack, whether the affected accounts were misused and whether any information was accessed. In the meantime, Rosen says there’s no need for users to change their passwords.
“We’re taking this incredibly seriously and wanted to let everyone know what’s happened and the immediate action we’ve taken to protect people’s security,” the exec wrote. “People’s privacy and security is incredibly important, and we’re sorry this happened.”
Facebook CEO Mark Zuckerberg addressed the breach in a public Facebook post published on Friday. “We face constant attacks from people who want to take over accounts or steal information around the world,” the 34-year-old wrote. “While I’m glad we found this, fixed the vulnerability, and secured the accounts that may be at risk, the reality is we need to continue developing new tools to prevent this from happening in the first place.”
Facebook has come under fire for privacy issues multiple times over the past six months. In March, news broke that personal information from more than 87 million accounts was sold to political data analysis firm Cambridge Analytica. In April, the company admitted to collecting information on people who don’t have Facebook accounts. And in May, a bug caused the default sharing settings for users’ new posts to be set to public for around 14 million accounts.