Facebook says 50 million users affected by new security breach
Hackers exploited the ‘View As’ feature on the website, the company said. The feature lets a user see how their profile looks to other people on Facebook.
Social media network Facebook on Friday said it had recently discovered a security breach that has affected about 50 million users.
The hackers exploited the “View As” feature on the website, it said. The feature lets the user see how their profile looks to other people on Facebook. “This allowed them to steal Facebook access tokens, which they could then use to take over people’s accounts,” the company said in a blog post. “Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app.”
The company said it has fixed the problem and has informed law enforcement officials. The company’s engineers first discovered the security issue on September 25.
“We have reset the access tokens of the almost 50 million accounts we know were affected to protect their security,” the company added. “We’re also taking the precautionary step of resetting access tokens for another 40 million accounts that have been subject to a “View As” look-up in the last year. As a result, around 90 million people will now have to log back in to Facebook, or any of their apps that use Facebook Login. After they have logged back in, people will get a notification at the top of their News Feed explaining what happened.”
Facebook is also turning off the feature temporarily while it reviews the security. “Since we’ve only just started our investigation, we have yet to determine whether these accounts were misused or any information accessed,” it said. “We also don’t know who’s behind these attacks or where they’re based.”
But this is not the first time Facebook has experienced a security breach. In March, the social media network suspended Cambridge Analytica, a political data analytics firm, for violating the social media network’s data privacy policies. The British firm, worked for United States President Donald Trump’s 2016 election campaign, was found to have harvested the data of 87 million Facebook users. The company also failed to identify alleged Russian interference in the 2016 presidential election in the United States.