Monday 14 October 2019

Up to 50 million Facebook users impacted by a 'really serious security issue' - Zuckerberg

Facebook founder Mark Zuckerberg. Photo: AFP/Getty
Facebook founder Mark Zuckerberg. Photo: AFP/Getty
Louise Kelly

Louise Kelly

Facebook's engineering team has discovered a security issue on the platform that affected almost 50 million accounts.

The tech giant said it is unsure who is behind the attacks, or where they are based - but the investigation is still in its early stages.

It has also yet to be determined whether these accounts were misused or if any information was accessed.

Chief Executive Mark Zuckerberg described the incident as a “really serious security issue" in a conference call with reporters.

Shares in Facebook fell 3.0 percent in afternoon trading, weighing on major Wall Street stock indexes.

It is understood that the breach, whereby attackers exploited vulnerability in Facebook's code, occurred on September 25.

Facebook CEO Mark Zuckerberg
Facebook CEO Mark Zuckerberg

Facebook said that the attack impacted the 'view as' feature and allowed the attackers to steal Facebook access tokens that could be used to take over people's accounts.

The company said it has fixed the code vulnerability and reset the access tokens of almost 50 million accounts that is as yet known to be affected.

It is also temporarily turning off its 'view as' feature as it conducts a security review and has also contacted law enforcement.

A further 40 million accounts, who have been subject to a 'view as' look-up feature in the last year, will have their access tokens reset as a precautionary measure.

According to Facebook, this means that around 90 million people will now have to log back into Facebook.

It is believed that the latest security incident stemmed from a change made to Facebook's video feature in July 2017.

Facebook's Head of Security Guy Rosen released a statement following the discovery of the incident.

"People’s privacy and security is incredibly important, and we’re sorry this happened. It’s why we’ve taken immediate action to secure these accounts and let users know what happened," he said.

"There’s no need for anyone to change their passwords. But people who are having trouble logging back into Facebook — for example because they’ve forgotten their password — should visit our Help Center".

Anyone who wishes to take the precautionary action of logging out of Facebook have been advised to visit the “Security and Login” section in settings. It lists the places people are logged into Facebook with a one-click option to log out of them all.

Online Editors

Also in Business