Earlier this week Facebook discovered a breach in its security that compromised the data of nearly 50 million accounts. The announcement that the breach occurred was made on Friday and while authorities have been contacted, but Facebook has yet to discover where the attack came from or the full scope of it.
The breach was discovered by Facebook’s engineering team Tuesday morning and, according to a post on Facebook’s newsroom, the company says that 90 million users were forced to log out and log back in to verify their credentials.
According to Facebook, the attackers used the “View As” feature that allows users to see what their account looks like to their friends, family members and complete strangers to “steal Facebook access tokens which they could then use to take over people’s accounts”.
After the breach, Facebook says it will disable that feature until it can conduct a thorough security review.
What information was taken?
At the moment, Facebook has yet to reveal what data was affected by the breach but says that it’s working to figure that information out.
It doesn’t help that the company isn’t sure who the attackers are or where the attackers came from. Those details, according to Facebook, are still under investigation.
“We’re working hard to better understand these details — and we will update this post when we have more information, or if the facts change. In addition, if we find more affected accounts, we will immediately reset their access tokens.”
Facebook has reset the access tokens for some 50 million accounts it knows were affected by the breach, alongside another 40 million other accounts that may have been affected.
For those worried they may be affected, Facebook is encouraging folks to visit the “Security and Login” section in their settings to log out of all the locations signed in with their account.