It logged out 90 million users to be safe
If you were unceremoniously logged out yesterday from both Facebook and Messenger, here’s why: the social media juggernaut is reporting that they’ve suffered a data breach that, at the last count, affected around 50 million users. The company first discovered the attack on Tuesday and has since fixed the vulnerability and contacted the FBI.
“We’re taking it really seriously,” Mark Zuckerberg, the company’s chief executive, said in a conference call with reporters. “We have a major security effort at the company that hardens all of our surfaces.” He added: “I’m glad we found this. But it definitely is an issue that this happened in the first place.”
The attackers exploited a vulnerability in Facebook’s “View As” feature, which allowed users to see their profile from the eyes of another user. Ironically enough, this feature that was built to give users more control over their privacy proved to be the stepping stone for attackers to potentially glean private information of up to 50 million users.
Facebook reset and logged out the access tokens for around 50 million accounts, and another 40 million users that used the View As feature since it was implemented last year.
Guy Rosen, VP of Product Management says that they’ve yet to determine if any of the 50 million accounts that were involved in the breach were misused or accessed, and as of press time the company has no idea where the attacks originated from or who is responsible for it.