Facebook says it was hacked, and 50 million user accounts have been affected. “On the afternoon of Tuesday, September 25, our engineering team discovered a security issue affecting almost 50 million accounts,” said Guy Rosen, VP of Product Management at Facebook, in a security update on Friday.
Attackers exploited a vulnerability in Facebook’s code that impacted “View As” a feature that lets people see what their own profile looks like to someone else. This allowed them to steal Facebook access tokens which they could then use to take over people’s accounts, says Mr. Rosen.
Facebook says the company has fixed the vulnerability and informed law enforcement. Facebook has also reset the access tokens of the accounts. As a precautionary step, Facebook is resetting access tokens for another 40 million accounts that have been subject to a “View As” look-up in the last year. As a result, around 90 million people will now have to log back in to Facebook, or any of their apps that use Facebook Login, says the company. The “View As” feature is temporarily turned off, while Facebook investigates more.
You can find the security update by Facebook here: https://newsroom.fb.com/news/2018/09/security-update/
[Image courtesy: Facebook]