Facebook said Friday it has discovered a security issue affecting almost 50 million accounts. According to Facebook, attackers exploited a vulnerability in Facebook’s code that impacted “View As”, a feature that lets people see what their own profile looks like to someone else.
This allowed the hackers steal Facebook access tokens which they could then use to take over people’s accounts. Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app.
According to Facebook, the company has reset access tokens for another 40 million accounts that have been subject to a “View As” look-up in the last year. As a result, around 90 million people will now have to log back in to Facebook, or any of their apps that use Facebook Login.
After they have logged back in, people will get a notification at the top of their News Feed explaining what happened. The platform management team is also temporarily turning off the “View As” feature to allow for a thorough security review.
Facebook claims it is yet to determine if any of the affected accounts were misused, or any information accessed. According to Facebook, they don’t know who’s behind these attacks or where they’re based.
Recently, Facebook revealed that political consulting firm Cambridge Analytica had improper access to personal info for up to 87 million user accounts.
Senator Mark Warner (D-VA) Vice Chairman of the Senate Select Committee on Intelligence and co-chair of the Senate Cybersecurity Caucus, issued a stern reprimand to Facebook over today’s revelation.
“Today’s disclosure is a reminder about the dangers posed when a small number of companies like Facebook or the credit bureau Equifax are able to accumulate so much personal data about individual Americans without adequate security measures,” said Warner.
“This is another sobering indicator that Congress needs to step up and take action to protect the privacy and security of social media users. As I’ve said before – the era of the Wild West in social media is over.”