Facebook has said that an attack on its network has affected almost 50 million user accounts, exposing their personal information. The breach could allow attackers to take over the accounts of affected users. The full extent of the attack remains unknown at this time.
The social media giant said that the security breach was discovered earlier this week on Tuesday. The company found that the attackers had exploited a feature in Facebook’s code that impacted ‘View As’, which lets people see what their own profile looks like to others. The attackers exploited the vulnerability, which leaked Facebook access token, giving attackers access to users’ accounts.
In a conference call with reports, Mark Zukerberg, CEO of Facebook, said, “We’re taking it really seriously. We have a major security effort at the company that hardens all of our surfaces. I’m glad we found this. But it definitely is an issue that this happened in the first place.”
Currently the company’s internal investigation “is still in its early stages” and it has provided no details regarding who might be behind the attack or what user data (if any) was exfiltrated. Facebook has not revealed where in the world the affected 50 million users are, but says that it has informed Irish data regulators, where Facebook’s European subsidiary is based.
Over 90 million users were forced to log out of their accounts on Friday, which is a common security measure when accounts have been compromised. However, the users were not required to change their passwords.
The company said that it has fixed the vulnerability and has also notified law enforcement officials. It has temporarily disabled the View As feature while the company conducts a thorough security review. Facebook says that peoples’ privacy and security are very important and apologises for the incident.
The news about security breach comes at a time when Facebook is going through a rough time. It is currently facing federal investigation over its role in the Cambridge Analytica scandal in which the firm misused data from about 87 million Facebook users.