Facebook says security breach affected 50 million accounts

The company said that it doesn't yet know whether the breach was used by anyone to access information from those 50 million Facebook users without their knowledge.

As a precaution, Facebook is temporarily taking down the "view as" feature - described as a privacy tool to let user see how their own profiles would look to other people. Facebook said the stolen access tokens were digital keys that allowed people to stay logged in to Facebook.

Attackers exploited that vulnerability, and that allowed them to steal Facebook access tokens which they could use to take over people's accounts - 50 million of them.

In a blog post on September 28, Guy Rosen, Facebook's VP of Product Management, said the flaw was discovered by the social network's engineering team on September 25. He further stated that, the company does not know who is behind the attacks and the origin of the attackers. But not necessarily: Facebook also reset the tokens of another 40 million customers as a precautionary measure because their profiles had been viewed using the View As approach over the past 12 months.

Facebook has also disabled the "View As" feature while it conducts a security review. The firm would not say where in the world the 50 million users are, but it has informed Irish data regulators, where Facebook's European subsidiary is based.

It is not yet clear if any of those impacted by the breach are in Ireland. Given how Facebook spreads itself out over third-party applications, such as its log-on feature, this number is expected to reach much higher, however this remains speculation for the time being.

While Facebook has said users do not need to reset their password information, you may still want to do a security review of your password information on Facebook, as well as check in case anything has been changed on your account.

Facebook has also turned off the "View As" feature while it investigates. They logged back in and started posting and asking why they were logged out of their accounts.

Facebook's code was exploited by hackers who gained access to user accounts, as well as apps like Spotify, Instagram, and others that are directly connected to Facebook.

"We're working hard to better understand these details and "we will update this post when we have more information, or if the facts change", said the company. It's why we've taken immediate action to secure these accounts and let users know what happened".

  • Eleanor Harrison