Facebook has revealed that they have discovered a security issue that is affecting almost 50 million accounts.
On September 25, Facebook’s engineering team have discovered that attackers have exploited a vulnerability in Facebook’s code that impacted “View As”, a feature that lets people see what their own profile looks like to someone else. The vulnerability allowed the attackers to steal Facebook access tokens which they could use to take over people’s accounts. Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app.
Facebook has already fixed the vulnerability and informed law enforcement of the hack. The company has also reset the access tokens of the almost 50 million accounts that they know were affected, and have also reset access tokens for another 40 million accounts that have been subject to a “View As” look-up in the last year.
As a result, around 90 million people will now have to log back in to Facebook, or any of their apps that use Facebook Login. This explains why plenty of users experience being logged out of their account.
Facebook says that after users log back in, they will get a notification at the top of their News Feed explaining what happened. The company has also temporarily turned off the “View As” feature while they conduct a security review.
As of the moment, Facebook is yet to determine whether the affected accounts were misused or any information accessed. They’re also yet to find out who’s behind the attacks.
source: Facebook
