On Friday, Facebook disclosed a widespread security breach, saying that hackers or other malicious third parties illegally accessed as many as 50 million Facebook accounts.
The social media giant said it’s forcibly making around 90 million users log back into their accounts today to stay secure.
"On the afternoon of Tuesday, September 25, our engineering team discovered a security issue affecting almost 50 million accounts," reads the company's statement. "[It's] clear that attackers exploited a vulnerability in Facebook’s code that impacted 'View As', a feature that lets people see what their own profile looks like to someone else. This allowed them to steal Facebook access tokens which they could then use to take over people’s accounts."
Facebook VP of product management Guy Rosen, speaking about the issue, said, "We did see this attack being used at a fairly large scale. The attackers could use the account as if they are the account holder." He further said, "It stemmed from a change we made to our video uploading feature in July 2017, which impacted 'View As.' The attackers not only needed to find this vulnerability and use it to get an access token, they then had to pivot from that account to others to steal more tokens."
He added that there is no need for anyone to change their passwords.
The statement said that Facebook has started an investigation but has yet to determine whether these accounts were misused or any information was accessed. It also does not know who is behind the attacks or where they are from.
The 50 million affected users were logged out of Facebook on Friday to reset their access tokens. Facebook is applying the same measure to another 40 million accounts whose profiles were viewed using the “View As” feature in the past year.
The breach was disclosed six months after it was revealed that the Facebook data of another 50 million users was exploited by a company called Cambridge Analytica during the 2016 US presidential election. However, that case was different, as Cambridge Analytica collected the data from a Cambridge University researcher who shared it in violation of Facebook’s terms and conditions. This breach, by contrast, stemmed from a bug in Facebook’s own code. It raises serious questions about whether it is safe to share personal information on social media, such as your email address or the names of your relatives.
The company's CEO, Mark Zuckerberg, said in a statement, “We face constant attacks from people who want to take over accounts or steal information around the world. We need to continue developing new tools to prevent this from happening in the first place.”
The world’s largest social networking site, which has 2.23 billion monthly users, has been struggling with security and privacy issues for some time.