A security flaw enabled the accounts of 50 million Facebook users to be taken over, the company has admitted in a statement today.
Discovered on Tuesday 25 September, Facebook claimed in a statement today that the flaw has now been fixed. The attackers took advantage of a security flaw in Facebook's ‘View as' feature, which enables people to view their own accounts as other people see them. Access tokens - digital keys - could then be taken, enabling attackers to takeover the accounts.
In the statement, Guy Rosen, vice president of product management, said that the company had taken a number of steps to fix the problem. "First, we've fixed the vulnerability and informed law enforcement.
"Second, we have reset the access tokens of the almost 50 million accounts we know were affected to protect their security. We're also taking the precautionary step of resetting access tokens for another 40 million accounts that have been subject to a "View As" look-up in the last year.
"As a result, around 90 million people will now have to log back in to Facebook, or any of their apps that use Facebook Login. After they have logged back in, people will get a notification at the top of their News Feed explaining what happened.
"Third, we're temporarily turning off the ‘View As' feature while we conduct a thorough security review."
Rosen added that the security flaw stemmed from a "complex interaction of multiple issues" in the app's code, and went back to some changes introduced to Facebook's video uploading feature in July 2017.
However, it's unclear what use the attackers may have made of the compromised accounts. "We have yet to determine whether these accounts were misused or any information accessed. We also don't know who's behind these attacks or where they're based," added Rosen.
The admission comes just days after the company admitted that it had used mobile phone telephone numbers provided for two-factor authentication to surveil those users when they used the internet and to target them with adverts.
It has also sought other ways with which to connect people's identities and their real-world phone numbers in order to track them online.
New ice grows faster but is also more vulnerable to weather and wind
With a crackdown on cheats is coming in November, PUBG rushes to fix matchmaking problems introduced in Update #22
New material uses carbon dioxide from the air to repair and reinforce itself
Apparent presence of scandium, vanadium and yttrium less than three light years from black hole 'an optical illusion'