Facebook announced Friday that up to 50 million accounts were breached in a security flaw exploited by hackers. The leading social network said it learned this week of the attack that allowed hackers to steal "access tokens," the equivalent of digital keys that enable them to access their accounts.
Facebook chief executive Mark Zuckerberg said engineers discovered the breach on Tuesday, and patched it on Thursday night. "We don't know if any accounts were actually misused," Zuckerberg said. "This is a serious issue." As a precaution, Facebook is temporarily taking down the "view as" feature - described as a privacy tool to let user see how their own profiles would look to other people.
"It's clear that attackers exploited a vulnerability in Facebook's code," vice president of product management Guy Rosen said in a blog post. "We've fixed the vulnerability and informed law enforcement."
The breach is the latest privacy embarrassment for Facebook, which earlier this year acknowledged that tens of millions of users had personal data hijacked by a political firm working for Donald Trump in 2016.
"We face constant attacks from people who want to take over accounts or steal information around the world," Zuckerberg said on his Facebook page. "While I'm glad we found this, fixed the vulnerability, and secured the accounts that may be at risk, the reality is we need to continue developing new tools to prevent this from happening in the first place."