Almost 50 million Facebook accounts were affected by a major cyber security breach, the social networking company said on Friday. Facebook said it has already fixed the vulnerability and informed law enforcement.
The company said it had discovered a loophole in the “View As” feature which allowed cyber criminals to gain control of the affected accounts. “View As” is a popular Facebook feature that allows users to see what their profiles look like to others. As a precaution, Facebook has temporarily disabled the feature.
“On the afternoon of Tuesday, September 25, our engineering team discovered a security issue affecting almost 50 million accounts. We’re taking this incredibly seriously and wanted to let everyone know what’s happened and the immediate action we’ve taken to protect people’s security,” said Guy Rosen, VP of Product Management at Facebook, in a blog post.
Facebook says attackers exploited a “vulnerability” in Facebook’s code that impacted “View As”, a feature that lets people see what their own profile looks like to someone else. This allowed them to steal Facebook access tokens which they could then use to take over people’s accounts.”
Access tokens are similar to digital keys that allows users to stay logged into Facebook in the background and don’t need them to re-enter their password every time they launch the application on their phone or use it on a brows...