Recently, social media giant, Facebook announced a security breach that affected about 50 million accounts on the platform. The attack was revealed to have occurred on Tuesday, 25th September. Facebook also disclosed that the attack exposed some personal information although the full extent of the cyber attack isn’t known at the moment.
According to Facebook, the attackers made use of the Facebook code that functioned as the ‘View As’ feature. A feature that allows a user see how others visualise his or her profile. The vulnerability of the code enabled the cyber attackers to gain control of Facebook’s access token allocated to about 50 million accounts.
For the uninitiated, an access token is what keep users logged into an account after they must have logged in once, without the need to log in again on the app. As a matter of fact, the access tokens of 90 million Facebook accounts were reset (of which the 50 million breached accounts are included) on Friday as a security measure to this breach.
In other words, the owners of these accounts will need to log in again as they have been logged out as a result of the reset. There’s no need to change the Facebook passwords as the attackers were not able to gain access to that.
In addition to not knowing the full extent of the breach, the company also doesn’t know the culprits. Meanwhile, steps have been taken to report the issue to their data regulators in Ireland.
About the security breach, this was what the company’s CEO, Mark Zuckerberg had to say:
We’re taking it really seriously. We have a major security effort at the company that hardens all of our surfaces. I’m glad we found this. But it definitely is an issue that this happened in the first place.
With time, we’re expected to receive more updates from the social media giant regarding this mishap.