Almost 50 million Facebook users around the world have been affected by a security breach after hackers compromised the social media site’s ‘View As’ feature earlier this week.
Confirming the news in a statement on Friday, Facebook said they were taking the incident “incredibly seriously” and revealed they have logged a total of 90 million users out of their accounts as a security measure, while their investigation is ongoing.
“Attackers exploited a vulnerability in Facebook’s code that impacted ‘View As’, a feature that lets people see what their own profile looks like to someone else,” Facebook VP Guy Rosen said in a statement.
“This allowed them to steal Facebook access tokens – the equivalent of digital keys – which they could then use to take over people’s accounts.”
In response to the attack, which was uncovered on Tuesday, Facebook said they have fixed the vulnerability on the website and app and informed police about the potential access and misuse of sensitive and personal information.
Facebook have also reset the access tokens of the 50 million affected accounts, along with those of a further 40 million users who have used the affected feature over the past year. The ‘View As’ feature has also been turned off temporarily, they said.
Rosen added: “Since we’ve only just started our investigation, we have yet to determine whether these accounts were misused or any information accessed. We also don’t know who’s behind these attacks or where they’re based. If we find more affected accounts, we will immediately reset their access tokens.
“People’s privacy and security is incredibly important, and we’re sorry this happened. It’s why we’ve taken immediate action to secure these accounts and let users know what happened.”
Facebook stressed that there was no need for anyone to change their passwords but said anyone who experiences trouble logging back into Facebook should visit their help centre.
They also suggested that anyone worried about who may be logged into their account visit the security and login section in settings, where users can use a one-click option to log out of their account across all devices.