MENLO PARK (CelebrityAccess) — Facebook Inc. on Friday revealed that earlier this week it had discovered a security breach that had affected almost 50 million user accounts.
“Our investigation is still in its early stages. But it’s clear that attackers exploited a vulnerability in Facebook’s code that impacted “View As”, a feature that lets people see what their own profile looks like to someone else. This allowed them to steal Facebook access tokens which they could then use to take over people’s accounts. Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app,” the company said in a statement released on Friday afternoon.
Facebook said that the investigation into the attack was still in a preliminary stage and they were unable to determine if any of the affected accounts were misused, or what customer information had been compromised.
The company has taken three immediate steps in the wake of the compromise, including cooperating with law enforcement and disabling the feature that provided access to the hackers. As well, they’ve reset access tokens for any of the potentially compromised accounts.
News of the breach is the latest in a series of public missteps for the social media giant that have undermined confidence in the company, and led, in some cases, to congressional inquiries.
Previous revelations for the company have included the Cambridge Analytica scandal, in which Facebook allowed a developer to hand over data from as many as 85 million users profiles to a third party, and the admission this week that after prompting users to provide phone numbers for ‘security purposes’, Facebook had then sold those phone numbers to advertisers.
Following news of the breach, Facebook stock dropped by more than 2%.