Facebook announced Friday that nearly 50 million accounts were affected by a “security issue.”
“Since we’ve only just started our investigation, we have yet to determine whether these accounts were misused or any information accessed. We also don’t know who’s behind these attacks or where they’re based,” a company post read.
Accounts became vulnerable because of a “complex interaction” of multiple code problems, but was rooted in a change made in 2017 to the “View As” feature in the video upload process. “View As” allows people to view their profile as other accounts do.
The attackers used this issue to steal “access tokens,” which keep people logged into their account.
“The attackers not only needed to find this vulnerability and use it to get an access token, they then had to pivot from that account to others to steal more tokens,” Facebook wrote.
The company wrote that they already fixed the coding issue and alerted law enforcement. “View As” was also turned off during the investigation.
Facebook also reset the access tokens for a total of 90 million accounts, covering an additional 40 million exposed to the “View As” vulnerability as a precaution.
Impacted users will be prompted to log back in before receiving a notification explaining the situation.
Sen. Mark Warner, Virginia Democrat and vice chairman of the Senate Select Committee on Intelligence, called for a public investigation into the security breech.
“This is another sobering indicator that Congress needs to step up and take action to protect the privacy and security of social media users. As I’ve said before — the era of the Wild West in social media is over,” he said in a statement.
Copyright © 2020 The Washington Times, LLC.