
Facebook today announced that a data breach occurred on September 25, affecting at least 50 million Facebook accounts.
The social network disclosed the breach Friday morning, issuing a statement that said an “attack” on its system led to “the exposure of information” affecting the 50 million users, according to the New York Times.
CEO Mark Zuckerberg posted a statement indicating the company had patched the vulnerabilities exploited by the attacker(s) and was investigating the incident further. This comes at a particularly inopportune time for the embattled billionaire, who recently pledged that his company would be more careful with user account data.
Guy Rosen, Facebook’s VP of Product Management, described some of the details of the attack in a Facebook post:
Our investigation is still in its early stages. But it’s clear that attackers exploited a vulnerability in Facebook’s code that impacted “View As”, a feature that lets people see what their own profile looks like to someone else. This allowed them to steal Facebook access tokens which they could then use to take over people’s accounts. Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app.
The social network logged at least 90 million users out of their accounts this morning as a security precaution, standard procedure for data breaches. It also reset account access tokens and turned off the aforementioned “View as” feature temporarily.
Facebook says it’s continuing its investigation and will update the press and users once it has more information concerning the breach. There’s still no word on the origin of the attack or which specific users’ accounts were affected.
We’ll update this post as we get more information, but in the meantime it’s probably a good idea to change your Facebook password and check your security settings.