The company said it has fixed the code vulnerability and reset the access tokens of the nearly 50 million accounts that are so far known to be affected. The attackers gained the ability to "seize control" of those user accounts, Facebook said, by stealing digital keys the company uses to keep users logged in. Facebook reset the tokens for all 50 million, as well as for an additional 40 million accounts, as a "precautionary step".
Facebook said on Friday that up to 50 million accounts were breached through a security flaw exploited by hackers. Those users will be notified at the top of their News Feed.
The "View As" feature has been temporarily turned off as the company conducts a "thorough security review".
Facebook's confirmation says that almost 50 million accounts were directly affected by the hack.
All of this comes as Facebook's stock among users continues to fall amid ongoing privacy concerns and the knowledge that it was used to meddle in the 2016 US election.
"We've fixed the vulnerability and informed law enforcement".
Jake Williams, a security expert at Rendition Infosec, said the stolen access tokens would likely have allowed attackers to view private posts and probably to post status updates or shared posts as the compromised user, but would not have exposed passwords. "We need to prevent this from happening in the first place".
This is why over 90 million users, including yours truly, had to log back in to the Facebook app.
"We're taking this incredibly seriously and wanted to let everyone know what's happened and the immediate action we've taken to protect people's security", the message states. If you had to log into Facebook through a venue that doesn't normally require a login, there's a good chance your account was affected.
Facebook isn't suggesting that anyone change their passwords.
"Since we have only just started our investigation, we have yet to determine whether these accounts were misused or any information accessed", he said. The vulnerability had existed since July 2017, but Facebook did not discover it until this month, when it spotted an unusual increase in the use of its "View As" feature.