Facebook Security Error Leaves 50 Million User Accounts Exposed
Facebook Inc has discovered a security flaw affecting about 50 million user accounts which could have allowed attackers to take over the accounts, the social networking company said on Friday.
Facebook has since fixed the vulnerability and informed law enforcement, it said.
Attackers used the “view as” feature to steal Facebook access tokens, which they could then use to take over people’s accounts. “View as” is a feature that allows users to see what their own profile looks like to someone else.
A vulnerability in the social network’s code meant that hackers could take over people’s log-ins and see their most private information, the company said. It said that it was sorry the potential breach had occurred.
Anyone whose account was compromised is likely to be informed as Facebook continues its investigation.
There is little that anyone can do apart from checking that an account does not appear to have been used by somebody else. While it is good practice to change passwords regularly, that will not undo the effects of this attack.
Facebook has reset the access tokens of the 50 million affected accounts, it said. As a precaution, the company has also reset access tokens for another 40 million accounts that have been looked up through the “view as” option in the last year.
“Since we’ve only just started our investigation, we have yet to determine whether these accounts were misused or any information accessed,” the company said in a blog post.
Facebook shares fell 3 percent to $163.78 in afternoon trading, weighing on major Wall Street stock indexes.
About 90 million people will have to log back in to Facebook or any of their apps that use a Facebook login, the company said.
Facebook also said it was temporarily turning off the “view as” option.