In a major cyber security breach, almost 50 million Facebook accounts were affected, Facebook said on Friday. The social networking company said it has already fixed the vulnerability and informed law enforcement.
The company discovered a loophole in one of its features, ‘View As’, which allowed cyber criminals to gain control of the affected accounts. ‘View As’ lets users see what their profiles look like to others. As a precaution, Facebook has temporarily disabled the feature.
“People’s privacy and security is incredibly important, and we’re sorry this happened. It’s why we’ve taken immediate action to secure these accounts and let users know what happened. There’s no need for anyone to change their passwords. But people who are having trouble logging back into Facebook — for example because they’ve forgotten their password — should visit our Help Center,” said Facebook.
You must have received an email from Facebook.
One of the measures that Facebook users can take right now is to log out of all sessions (if using multiple devices) and log in again. Or they can simply reset their passwords right now and add two-step verification.
“On the afternoon of Tuesday, September 25, our engineering team discovered a security issue affecting almost 50 million accounts. We’re taking this incredibly seriously and wanted to let everyone know what’s happened and the immediate action we’ve taken to protect people’s security,” said Guy Rosen, VP of Product Management at Facebook, in a blog post.
Facebook says the attackers exploited the vulnerability on the site, which allowed them to steal Facebook access tokens that they could then use to take over people’s accounts. Access tokens are similar to digital keys: they keep users logged into Facebook in the background, so users don’t need to re-enter their password every time they launch the application on their phone or use it in a browser.