Facebook: 50 million accounts hit by security breach
The social media giant says it does not yet know whether accounts were misused or information accessed, and has informed police.
Facebook has said 50 million user accounts were affected by a security breach which potentially enabled hackers to take over people’s accounts.
The social media giant has not yet determined whether the accounts were misused or information was accessed.
Nor does it know who is behind the breach or where they are based.
Facebook said the hack was discovered on Tuesday afternoon, and stemmed from a change it made to its video uploading feature in July 2017.
Something called “View As”, which allows users to see what their profile looks like to someone else, subsequently became vulnerable.
Guy Rosen, from the California-based company, said hackers were able to “steal Facebook access tokens which they could then use to take over people’s accounts”.
In a statement on the company’s website, he described access tokens as the “equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app”.
He added: “It’s clear that attackers exploited a vulnerability in Facebook’s code.
“We’ve fixed the vulnerability and informed law enforcement.”
About 90 million people will now have to log back in, after an additional 40 million accounts, on top of the initial 50, were reset as a precautionary measure.
The “View As” feature has been temporarily turned off as the company conducts a “thorough security review”.
While an investigation is still in its early stages, Mr Rosen said Facebook was “working hard to better understand” what had happened.
“If we find more affected accounts, we will immediately reset their access tokens,” he added.
Mr Rosen said users’ privacy and security were “incredibly important”, and apologised for what had happened.
Courtesy of Sky News