Nearly 50 million Facebook accounts were compromised by an attack that gave hackers the ability to take over users’ accounts, the firm confirmed.
The breach was discovered by engineers, and users whose accounts were affected are set to be notified by Facebook.
The flaw was fixed and all affected accounts were reset, as well as another 40 million as a precautionary step, according to the firm’s vice-president of product management, Guy Rosen.
The company indicated the breach would allow hackers to log in to other accounts that use Facebook’s system, of which there are many.
However, Facebook would not reveal where the 50 million users were based.
Facebook stated that the users prompted to log in again did not have to change their passwords.
“Since we’ve only just started our investigation, we have yet to determine whether these accounts were misused or any information accessed. We also don’t know who’s behind these attacks or where they’re based,” Rosen stated.
“People’s privacy and security is incredibly important, and we’re sorry this happened,” he added.
Facebook’s “View As” function is a privacy feature that allows people to see what their own profile looks like to other users, making it clear what information is viewable to their friends, friends of friends, or the public.
Attackers found multiple bugs in this feature that allowed them to steal Facebook access tokens, which they could then use to take over people’s accounts, Rosen explained.
“Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app,” Rosen stated.