A security flaw enabled the accounts of 50 million Facebook users to be taken over, the company has admitted in a statement today.
Facebook claimed in a statement today that the flaw, discovered on Tuesday 25 September, has now been fixed. The attackers took advantage of a security flaw in Facebook's 'View As' feature, which enables people to view their own accounts as other people see them. Access tokens - digital keys - could then be taken, enabling attackers to take over the accounts.
In the statement, Guy Rosen, vice president of product management, said that the company had taken a number of steps to fix the problem. "First, we've fixed the vulnerability and informed law enforcement.
"Second, we have reset the access tokens of the almost 50 million accounts we know were affected to protect their security. We're also taking the precautionary step of resetting access tokens for another 40 million accounts that have been subject to a "View As" look-up in the last year.
"As a result, around 90 million people will now have to log back in to Facebook, or any of their apps that use Facebook Login. After they have logged back in, people will get a notification at the top of their News Feed explaining what happened.
"Third, we're temporarily turning off the 'View As' feature while we conduct a thorough security review."
Rosen added that the security flaw stemmed from a "complex interaction of multiple issues" in the app's code, and dated back to some changes introduced to Facebook's video uploading feature in July 2017.
However, it's unclear what use the attackers may have made of the compromised accounts. "We have yet to determine whether these accounts were misused or any information accessed. We also don't know who's behind these attacks or where they're based," added Rosen.
The admission comes just days after the company admitted that it had used mobile phone numbers provided for two-factor authentication to surveil those users when they used the internet and to target them with adverts.
It has also sought other ways to connect people's identities and their real-world phone numbers in order to track them online.