Almost 50 million Facebook user accounts were hacked and their information exposed last week.
This is according to an announcement from Facebook, which disclosed that the attackers managed to take over the accounts and use them as if they were the owners.
The attack has been termed the largest in the company’s 14-year history. The attackers exploited a feature in Facebook’s code to gain access to user accounts and potentially took control of them.
Attackers exploited a vulnerability in the social network’s code that affected “View As,” a feature that lets people see what their own profile looks like to someone else.
The feature was built to give users more control over their privacy. Three software bugs in Facebook’s code connected to this feature allowed attackers to steal Facebook access tokens they could then use to take over people’s accounts.
These access tokens are like digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use Facebook.
Facebook has reset the tokens of nearly 50 million accounts that were affected and, as a precaution, it has also reset the tokens for another 40 million accounts that have used “View As” in the past year.
Resetting the tokens logged the affected Facebook users out of the service and should also have logged those users out of third-party apps and websites they access through Facebook Login.
The news could not have come at a worse time for Facebook. It has been buffeted over the last year by scandal, from revelations that a British analytics firm got access to the private information of up to 87 million users to worries that disinformation on Facebook has affected elections and even led to deaths in several countries.
Facebook is used by more than two billion people each month.
WhatsApp and Instagram, both Facebook-owned social networks, are also used by two billion users every month.