Once again, Facebook has been caught in a data breach scandal after announcing that the site was hacked, affecting around 50 million accounts.
Facebook announced yesterday that its team discovered a security issue that affected almost 50 million accounts. The hack took place a few days ago, on September 25, and Facebook says that it wanted to inform everyone about the problem and the action taken.
As the blog post explains, because of a vulnerability in the site’s ‘View As’ feature, which allows users to see what their profile looks like from someone else’s view, the attackers were able to steal access tokens that would provide entry to people’s personal accounts.
The ‘access tokens’ keep users logged into Facebook on their devices, saving them from having to re-enter their passwords every time they want to use the social media site. In response to the hack, Facebook has already reset the access tokens. This means that if a user was affected by the hack, they will be automatically logged out of their Facebook account, and out of other apps that use Facebook to log in, such as Instagram.
Between the 50 million victimized accounts and the 40 million users whose accounts Facebook reset as a ‘precautionary step’, approximately 90 million users were logged out of their Facebook accounts yesterday.
Facebook further clarified that although users will have to log back into their accounts, a password change is not necessary. “If you’ve forgotten your password or are having trouble logging in, you can access your account through the Help Center,” wrote CEO Mark Zuckerberg.
The blog post stated that affected users ‘will get a notification at the top of their News Feed explaining what happened’ after they log back in. Also, the ‘View As’ feature that led to the hack has been disabled for the time being. If a user tries to access it, an error notification appears stating that it has been temporarily disabled.
Moreover, the firm mentioned that since it has only just begun investigating the attack, it has yet to determine whether these accounts were misused and who is behind the attack.
“People’s privacy and security is incredibly important, and we’re sorry this happened. It’s why we’ve taken immediate action to secure these accounts and let users know what happened,” the post read.