Last week, 50 million Facebook accounts were compromised after hackers found a gap in security. Connected to the site’s “View As” feature, which allows users to see what their profile looks to someone else, the issue enabled hackers to obtain access tokens and break into accounts.
In response, Facebook reset the tokens of the affected accounts, as well as an additional 40 million as a precaution. The “View As” feature has also been disabled until the exact cause is determined.
Guy Rosen, Facebook’s vice president of product management, stated:
We have yet to determine whether these accounts were misused or any information accessed. We also don’t know who’s behind these attacks or where they’re based.
Facebook chief executive Mark Zuckerburg also commented on the security breach:
So far our initial investigation has not shown that these tokens were used to access any private messages or posts or to post anything to these accounts. But this, of course, may change as we learn more. The attackers used our APIs to access profile information fields like name, gender hometown, etc. But we do not yet know if any private information was accessed that way.
Facebook will continue to monitor the issue to ensure that no other accounts are compromised. But the breach of security can only spell bad news for the company, which has struggled to earn back users’ trust after the Cambridge Analytica scandal.