Facebook has announced that “almost 50 million” accounts were left vulnerable after hackers exploited a security flaw.
The company stated that the breach occurred after hackers were able to exploit a feature known as “View As” to gain access to the accounts. Facebook said it contacted the authorities after the breach was discovered on Tuesday.
On Friday, users who had been, or were potentially, affected were prompted to log back in to their accounts.
The firm’s head of security, Guy Rosen, wrote that the flaw had been fixed and the affected accounts reset, as well as 40 million more “as a precautionary step”.
On Friday Facebook’s share price dropped more than 3%.
What Does This Mean For Users?
Although the company would not reveal where in the world the affected users were, it has informed data regulators in Ireland, where Facebook’s European subsidiary is based.
The company stated that despite affected users having to log back into their accounts, they did not have to change their passwords:
“Since we’ve only just started our investigation, we have yet to determine whether these accounts were misused or any information accessed. We also don’t know who’s behind these attacks or where they’re based.”
“People’s privacy and security is incredibly important, and we’re sorry this happened.”
But What Is The “View As” Function That Was Exploited?
This function is a security feature that allows users to view their profile as somebody else, so they can learn what others see on their profile. This makes it clear what information is available to whom, whether it be friends, friends of friends or the public.
The exploit came about because hackers discovered several bugs in this feature allowing them to, as Mr Rosen put it,
“steal Facebook access tokens, which they could then use to take over people’s accounts.”
He then added,
“Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app.”
What Does This Mean For Facebook?
This breach comes after a long string of issues for Facebook, leaving them struggling to convince US lawmakers they can be trusted with people’s data.
On a Friday conference call Mark Zuckerberg said that the firm took security seriously, in the face of what he said were constant attacks by bad actors.
However, Jeff Pollard, Vice-President and Principal Analyst at Forrester, asserted that the fact Facebook held so much data meant it should be prepared for such attacks:
“Attackers go where the data is, and that has made Facebook an obvious target.”
“The main concern here is that one feature of the platform allowed attackers to harvest the data of tens of millions of users.
“This indicates that Facebook needs to make limiting access to data a priority for users, APIs, and features.”
- By Eleanor Service, Editor-In-Chief
- Sources: BBC News