Facebook has announced that at least 50 million user accounts may be at risk after hackers exploited a security vulnerability on the site. The company is still in the early stages of investigating this latest security flaw and said that law enforcement has been notified.
The company said in a blog post Friday that it discovered the bug earlier in the week. The bug is part of the site’s “View As” feature that lets a user see their profile as someone else. Facebook has switched off the “View As” feature in the meantime while it investigates the bug further.
The bug allowed hackers to obtain account access tokens, which keep users logged in after they enter their username and password so they do not have to enter them again on each visit. Stolen tokens can allow hackers to break into accounts.
Facebook said that the bug has been patched and that, to be cautious, it had reset the access tokens for 50 million user accounts. It also reset the access tokens for another 40 million Facebook accounts that had accessed the View As feature within the last year. A total of 90 million people were forcibly logged out of their Facebook accounts as a precaution, the company said.
When users log back in, they will be greeted with a notification in their News Feed with details about the attack. Facebook said that it is temporarily turning off the View As feature while it investigates this incident.
Facebook has shared more details: hackers would have had access to third-party apps through compromised accounts.
uh this is bad: Facebook telling reporters now that this hack disclosed earlier today would have let hacker login to third party apps through a compromised Facebook account
so basically a Cambridge Analytica redux situation we’re potentially looking at
— Alex Heath (@alexeheath) September 28, 2018