Facebook reports 50 million users affected by security bug
Published : 29 Sep 2018, 02:58
U.S. social media giant Facebook said Friday that its 50 million users could be directly affected by a new security bug found by its security team a few days ago.
The company said its security engineers discovered on Tuesday that "attackers exploited a vulnerability in Facebook' s code that impacted "View As," a feature that lets people see what their own profile looks like to someone else."
The security issue could let hackers steal Facebook access tokens used by Facebook users as login digital keys and then take control of their accounts, Facebook said in a blog post.
As a precautionary measure, Facebook said it has reset the access tokens of the 50 million accounts and an additional 40 million accounts that used the "View As" feature in the last year.
"As a result, around 90 million people will now have to log back in to Facebook, or any of their apps that use Facebook Login," said Guy Rosen, vice president of product management at Facebook, adding they will also be notified of what happened at the top of their News Feed.
He said the company took this incident "incredibly seriously" and has taken steps to fix the security problem and alerted law enforcement.
Facebook said it has begun investigation, but it has not determined whether these accounts were misused or any information accessed.
"We also don't know who's behind these attacks or where they're based," Rosen said.
Facebook CEO Mark Zuckerberg said Friday in his Facebook account that the company had fixed the security vulnerability Thursday night to "prevent this attacker or any other from being able to steal additional access tokens."
Friday's announcement is the latest setback for Facebook over the past year when it has been constantly grappling with challenges concerning user data privacy and how it handled information on the platform.
Earlier this year, Facebook was involved in a huge scandal after a former British data analytics company Cambridge Analytica had illegally accessed the data of more than 87 million users, which were alleged to be used to help Donald Trump's 2016 presidential campaign.
The incident raised concerns about how digital ads and information were targeted toward potential voters during the election campaign two years ago.
Zuckerberg appeared at a hearing in U.S. Congress in April to explain Facebook's privacy policies.
Facebook has reported 2.23 billion monthly active users worldwide as of June 30 this year.