Facebook says 50 million users affected by security breach
Facebook says hackers took advantage of its “View As” feature to take over user’s accounts but said it has fixed the problem
Almost 50 million Facebook accounts were affected by a major cyber security breach, the social networking company said on Friday. Facebook said it has already fixed the vulnerability and informed law enforcement.
The company said it had discovered a loophole in the "View As" feature which allowed cyber criminals to gain control of the affected accounts. "View As" is a popular Facebook feature that allows users to see what their profiles look like to others. As a precaution, Facebook has temporarily disabled the feature.
"On the afternoon of Tuesday, September 25, our engineering team discovered a security issue affecting almost 50 million accounts. We're taking this incredibly seriously and wanted to let everyone know what's happened and the immediate action we've taken to protect people's security," said Guy Rosen, VP of Product Management at Facebook, in a blog post.
How did it work?
Facebook says attackers exploited a "vulnerability" in Facebook's code that impacted "View As", a feature that lets people see what their own profile looks like to someone else. This allowed them to steal Facebook access tokens which they could then use to take over people's accounts."