Facebook announced that it had uncovered a new security flaw that allowed hackers to take control of as many as 50 million user accounts. The company is still in the early stages of investigating this latest security flaw and it announced that law enforcement has been notified.
“On the afternoon of Tuesday, September 25, our engineering team discovered a security issue affecting almost 50 million accounts,” the company said in a statement. “We’re taking this incredibly seriously and wanted to let everyone know what’s happened and the immediate action we’ve taken to protect people’s security.”
The flaw stems from the way access tokens are handled. Access tokens are digital keys that allows users to remain logged into their Facebook accounts without having to re-enter their passwords every time. However, due to the way Facebook’s code handles the “View As” feature, the company said that hackers may have improperly taken over people’s account. The View As feature allows
Facebook said that the bug has been patched, and to be cautious, it had reset the access tokens from 50 million user accounts. Additionally, it also reset the access tokens from another 40 million
When users log back in, they will be greeted with a notification in their News Feed with details about the attack. Facebook said that it is temporarily turning off the View As feature while it investigates this incident.
“Since we’ve only just started our investigation, we have yet to determine whether these accounts were misused or any information accessed,” the company said. “We also don’t know who’s behind these attacks or where they’re based. We’re working hard to better understand these details.”
This is the latest security scandal to hit Facebook. The company was also involved in the Cambridge Analytica data scandal earlier in 2018. In that incident, the data of as many as 90 million users were affected.
- Experts fear ChatGPT will soon be used in devastating cyberattacks
- Hackers dug deep in the massive LastPass security breach
- Hackers stole $1.5 million using credit card data bought on the dark web
- MacBook butterfly keyboard lawsuit: are you eligible for a payout?
- Apple’s iCloud encryption update hasn’t pleased everyone