An overwhelming number of over 50 million Facebook users were breached in a security flaw exploited by hackers. The leading social network said it learned this week of the attack that allowed hackers to steal “access tokens,” the equivalent of digital keys that enable them to access their accounts.
Facebook chief executive Mark Zuckerberg said engineers discovered the breach on Tuesday, and patched it on Thursday night. “We don’t know if any accounts were actually misused,” Zuckerberg said. “This is a serious issue.”
As a precaution, Facebook is temporarily taking down the “view as” feature — described as a privacy tool to let user see how their own profiles would look to other people. “We face constant attacks from people who want to take over accounts or steal information around the world,” Zuckerberg said on his Facebook page.
Facebook made headlines earlier this year after the data of 87 million users was improperly accessed by Cambridge Analytica, a political consultancy. The disclosure has prompted government inquiries into the company’s privacy practices across the world, and fueled a “#deleteFacebook” movement among consumers.
Shares in Facebook fell more than 3 percent in afternoon trading, weighing on major Wall Street stock indexes.The latest vulnerability had existed since July 2017, but Facebook did not discover it until this month when it spotted an unusual increase in use of its “view as” feature.
Facebook reset the digital keys of the 50 million affected accounts, and as a precaution reset those keys for another 40 million that have been looked up through the “view as” option over the last year. About 90 million people will have to log back into Facebook or any of their apps that use a Facebook login, the company said.