On Friday, Facebook announced it has uncovered a security breach that affected 50 million users. As a result, those users plus an additional 40 million, are being asked to log back into their accounts.
Facebook notes that on Tuesday, Sept. 25, the company’s engineering team discovered a security issue affecting a limited number of users. The exploit uncovered impacted Facebook’s “View As” feature that lets people see what their profile looks like to someone else. In doing so, the hackers were able to steal Facebook access tokens which they could then use to take over people’s accounts.
The social network explains that access tokens are the equivalent of digital keys that keep people logged in to Facebook, so they don’t need to re-enter their password every time they use the app.
While Facebook’s investigation continues, it has already fixed the vulnerability and informed law enforcement. It’s also resetting tokens for 90 million accounts. After those folks have logged back in, people will get a notification at the top of their News Feed explaining what happened.
Finally, the company has announced that it’s temporarily turning off the “View As” feature while it continues with its security review.
We’ll continue to follow this story and let you know about any updates.