Facebook announced on Friday afternoon that a “security issue” had led hackers to access nearly 50 million accounts.
In a statement, Facebook VP of Product Management Guy Rosen announced that hackers had exploited a “vulnerability” in Facebook’s “View As” feature, which allows users to view their profiles from the vantage of another user. Rosen said Facebook discovered the breach on Tuesday, and that they still don’t know who was responsible for the hack.
“Our investigation is still in its early stages,” Rosen wrote. “But it’s clear that attackers exploited a vulnerability in Facebook’s code that impacted ‘View As’, a feature that lets people see what their own profile looks like to someone else. This allowed them to steal Facebook access tokens which they could then use to take over people’s accounts. Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app.”
Facebook said it had “fixed the vulnerability,” and forced the nearly 50 million to log back in to their accounts. The company also announced that it was “resetting access tokens” for an additional 40 million accounts “that have been subject to a ‘View As’ look-up in the last year,” bringing the total number of accounts affected to roughly 90 million.
Good god. FB says almost 50M user may have had their account breached by hackers. More info from FB coming soon. https://t.co/YcSoLv91ua
— Kurt Wagner (@KurtWagner8) September 28, 2018
The attack appears to represent the largest security breach Facebook has ever encountered, at least in terms of accounts potentially accessed.
Needless to say, the vulnerability comes amidst an already difficult year for Facebook, whose reputation on matters of data security and misinformation is in shambles. On the backs of massive data breaches and fake accounts from foreign governments, Gizmodo also revealed this week that Facebook had been sharing users’ phone numbers with advertisers — as well as the phone numbers that users listed as their safety contacts.
Facebook’s stock has already dropped 3 percent today. With the announcement — and the revelation that Facebook has no idea who was behind the breach — the price is likely to only plummet further.