A hacker gained access to 50 million Facebook user accounts by exploiting a weakness within the social network’s systems, Facebook said on Friday.
News of the cyber attack, which appears to be one of the most significant in Facebook's history, sent shares of the company down roughly 3% in midday trading on Friday, adding to the pile of woes currently weighing on the company.
Facebook CEO Mark Zuckerberg hosted a telephone call with journalists shortly after the news was announced, underscoring its severity.
Mark Zuckerberg also posted the following on his Facebook feed:
“I want to update you on a crucial security issue we’ve identified. We patched the difficulty last night and are taking precautionary measures for people who might have been affected. We’re still investigating, but I need to share what we’ve already found: On Tuesday, we discovered that an attacker exploited a technical vulnerability to steal access tokens that will allow them to log into about 50 million people’s accounts on Facebook. We don’t yet know whether these accounts were misused but we are continuing to look into this and will update once we learn more.
We’ve already taken a variety of steps to handle this issue:
1. We patched the protection vulnerability to stop this attacker or any other from being able to steal additional access tokens.
And we invalidated the access tokens for the accounts of the 50 million people who were affected – causing them to be logged out. These people will have to log back in to access their accounts again. We are going to also notify these people in a message on top of their News Feed about what happened once they log back in.
2. As a precautionary measure, while we believe we’ve fixed the difficulty, we’re temporarily taking down the feature that had the safety vulnerability until we can fully investigate it and ensure there are not any other security issues with it. The feature is named “View As” and it’s a privacy tool to allow you to see how your own profile would look to people.
3. As an extra precautionary measure, we’re also logging out everyone who used the View As feature since the vulnerability was introduced. This may require another 40 million people or more to log into their accounts. We don’t currently have any evidence that implies these accounts are compromised, but we’re taking this step as a precautionary measure.
We face constant attacks from people who want to take over accounts or steal information around the world. While I’m glad we found this, fixed the vulnerability, and secured the accounts that will be in danger, the truth is we want to continue developing new tools to forestall this from happening in the first place. If you’ve forgotten your password or are having trouble logging in, you’ll be able to access your account through the assistance Center.”