Facebook Says It Found Security Issue Affecting 50 Million Accounts

Internal investigation shows that attackers exploited a feature in the social network's code, which allowed them to hack and take over 50 million accounts.



Facebook said Friday that an attack on its network led to the exposure of information from nearly 50 million users, The New York Times reports.

The breach was discovered earlier this week. Internal investigations show that attackers exploited a feature in the social network’s code, which allowed them to hack and take over user accounts. Facebook fixed the security flaw and contacted the authorities.

The identity and origin of the attackers are not yet known, according to Facebook.

This discovery comes amid threats of government regulation, and after the Cambridge Analytica scandal that had already worried users sensitive about their data and privacy.

“We have a responsibility to protect your data, and if we can’t then we don’t deserve to serve you,” Zuckerberg said following the Cambridge Analytica data breach, which affected up to 87 million Facebook users. Evidently, the Facebook founder and CEO has failed to deliver on his stated responsibility.

More than two billion people around the globe use Facebook every month, The New York Times notes — with another two billion separately using Instagram and WhatsApp, which Facebook owns.

In a post published on Facebook’s corporate blog, the company addressed the latest breach, noting that the investigation is still in its early stages. It is, however, clear that the attackers exploited the “View As” feature, Facebook notes.

Facebook took the blame, admitting that the attackers exploited “the complex interaction of multiple issues in our code,” which stemmed from changes that Facebook had made to its video uploading feature.

“View As” allows users to see what their own profile looks like to someone else, but it allowed hackers to steal access tokens and take over user accounts.

“Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app,” Facebook explained.

The access tokens of the almost 50 million accounts Facebook knows were affected have been reset. The company is also taking the precautionary step of resetting the access tokens for another 40 million accounts that have been subject to a “View As” look-up.

Furthermore, the “View As” feature has been temporarily disabled, Facebook said.

“Since we’ve only just started our investigation, we have yet to determine whether these accounts were misused or any information accessed,” the company wrote, before apologizing to its users — and vowing to better protect user data in the future.

The stock market has already reacted to Facebook’s newest security breach. According to CNBC, the company — which was already trading down about 1.5 percent before the announcement — extended its losses to 3.4 percent after the disclosure.