Facebook has suffered an attack that exposed 50 million people’s personal accounts, the company has admitted.
A vulnerability in the social network’s code meant that hackers could take over people’s log-ins and see their most private information, the company said. It said that it was sorry the potential breach had occurred.
The issue related to the “view as” tool, which allows people to see their own profiles as they would look to other people. By exploiting that, hackers could steal the “access token” that keeps people’s accounts safe and then break into them, Facebook said.
The company found the flaw on Tuesday and has only just begun its investigation, it said, meaning that it cannot say how the bug was used and who by. It did not say whether it knew who had been affected by the hack.
Anyone whose account was compromised is likely to be informed as Facebook continues its investigation. There is little that anyone can do apart from checking that an account does not appear to have been used by somebody else, and while it is good practice to change passwords regularly, that will not undo the effects of this attack.
Facebook said that law enforcement was informed and the bug had been patched. It had also completely turned off the “view as” feature for now and would reset those security codes so that anyone who broke into an account would now be kicked out.
That will mean that some 90 million people – the 50 million people thought to be affected, as well as a further 40 million who were subject to a “view as” request in the last year – will be kicked out of their accounts and will have to log back in.
Having to do that does not necessarily mean that anyone has seen inside your account. Facebook did suggest that more people could be found to have been potentially affected, and that it was continuing its investigation.