(NEW YORK) — Facebook said on Friday it has found a security “issue” exposing almost 50 million accounts relating to its “View As” feature, but as many as 90 million total accounts may be affected.
“Attackers exploited a vulnerability in Facebook’s code that impacted ‘View As,’ a feature that lets people see what their own profile looks like to someone else. This allowed them to steal Facebook access tokens which they could then use to take over people’s accounts. Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app,” Facebook’s vice president of product management Guy Rosen wrote in an emailed statement.
“We’ve fixed the vulnerability and informed law enforcement,” Rosen said. “We have reset the access tokens of the almost 50 million accounts we know were affected to protect their security.”
About 90 million Facebook users who keep the site open on their browsers or mobile phone apps were prompted to log in again on Friday morning as a result of the discovery, the company said.
“We’re also taking the precautionary step of resetting access tokens for another 40 million accounts that have been subject to a ‘View As’ look-up in the last year. As a result, around 90 million people will now have to log back in to Facebook, or any of their apps that use Facebook Login,” Rosen said. “After they have logged back in, people will get a notification at the top of their News Feed explaining what happened.”
The company is temporarily turning off the “View As” feature while it conducts a thorough security review, according to the statement.
Copyright © 2018, ABC Radio. All rights reserved.