Facebook has officially said that around 50 million user accounts may be at risk after hackers exploited a security vulnerability on the Facebook website.
Today, On Friday, the company issued a statement in a blog post that says it discovered the bug earlier in the week. The bug is part of the site’s “View As” feature that lets a user see their profile as someone else. Currently, Facebook has disabled the “View As” feature as the investigation is being done about a possible attack on users accounts.
This bug allowed hackers to get access to the ‘tokens’, which are used to keep users logged in. This would let hackers to break into accounts using the stolen tokens and eventually gaining access to all their information.
Facebook also says that it has reset access tokens of all users affected. Some 90 million users will have been logged out of their account, few twice in the last 48 hours. They were logged out from all logged in devices such as computers, mobile apps.
Facebook has also mentioned that users will be notified of the security incident once they log back in through a notification in their News Feed.
“We have yet to determine whether these accounts were misused or any information accessed,” said Guy Rosen, Facebook’s vice president of product management. “We also don’t know who’s behind these attacks or where they’re based.”
Facebook was able to spot the attack because the hackers were automating their attack on a “large scale.”
Mark Zuckerberg has also issued a statement from his official Facebook account.
He says, Facebook will update users more as their investigation continues.
If you have not changed your account password, that should be your first priority right now.