New York: Facebook on Friday said that it has recently discovered a security breach affecting nearly 50 million user accounts. The social media giant admitted it was this week only that it learned of the attack that allowed hackers to steal ‘access tokens’ which are the equivalent of digital keys that keep people logged in to Facebook so they do not need to re-enter their password every time they use the app. Also Read - Sports Minister Kiren Rijiju Donates One Month Salary in Fight Against Coronavirus Pandemic
“It’s clear that attackers exploited a vulnerability in Facebook’s code,” vice president of product management Guy Rosen said in a blog post. “People’s privacy and security is incredibly important, and we’re sorry this happened,” he said. “Our investigation is still in its early stages. But it’s clear that attackers exploited a vulnerability in Facebook’s code that impacted ‘View As’, a feature that lets people see what their own profile looks like to someone else,” he added further. Also Read - Amid Coronavirus Lockdown, Facebook's Portal TV Video Chat Device Sold Out
Facebook chief executive Mark Zuckerberg informed engineers discovered the breach on Tuesday, and patched it on Thursday night. “We’ve fixed the vulnerability and informed law enforcement,” he said. Also Read - Facebook-owned Instagram Now Working on Disappearing Text Messages
Claiming that this is a serious issue, Zuckerberg said, “We don’t know if any accounts were actually misused. As a precaution, Facebook is temporarily taking down the ‘view as’ feature — described as a privacy tool to let user see how their own profiles would look to other people.”
“We face constant attacks from people who want to take over accounts or steal information around the world,” Zuckerberg said on his Facebook page. “While I’m glad we found this, fixed the vulnerability, and secured the accounts that may be at risk, the reality is we need to continue developing new tools to prevent this from happening in the first place,” he added.
Notably, the security issue was discovered on September 25.
Issuing a statement, Facebook said, “We have reset the access tokens of the almost 50 million accounts we know were affected to protect their security. We’re also taking the precautionary step of resetting access tokens for another 40 million accounts that have been subject to a ‘View As’ look-up in the last year.” As a result, around 90 million people will now have to log back into Facebook, or any of their apps that use Facebook login. After they have logged back in, people will get a notification at the top of their News Feed explaining what happened.
“We’re temporarily turning off the ‘View As’ feature while we conduct a thorough security review,” Facebook said. The social media giant said that it does not know who is behind this massive security attack. “We’re working hard to better understand these details and we will update this post when we have more information, or if the facts change,” said the company.
This is by far the biggest-ever security breach after Cambridge Analytica scandal wherein, data of nearly 87 million people was breached upon.
(Inputs from Agencies)