Facebook logs out up to 90M users after breach in security
Facebook said Friday that hackers had stolen information that could have allowed them to take over 50 million user accounts, in the latest mishap for the social media company, which has spent months struggling to regain the confidence of policymakers and the public.
It said that as many as 90 million Facebook users — out of a total of 2.2 billion — will have to log back into their accounts as a result of the breach. Notifications will appear at the top of the Facebook news feed for the 50 million users who were directly affected, executives said on a call with reporters.
The hackers were able to gain access to profile information, such as users’ names, hometowns and genders, Facebook said. It is possible they could have had access to more information, but Facebook said its investigation is in the early stages. No credit card information was exposed, Facebook executives said, and so far there is no evidence the attackers sought to access private messages or post fraudulent messages from the accounts.
“This is a serious issue and we’re committed to addressing it,” said Facebook chief executive Mark Zuckerberg.
Facebook discovered the breach on Tuesday after noticing a spike in user activity on Sept. 16. They soon found three interlocking bugs on Facebook’s website that attackers had been using to gain access to accounts through a flaw in the “View As” feature, the company said, which allows a Facebook user to view his or her own profile as somebody else might see it.
The incident prompted Facebook to disable the “View As” feature for now, and users are not being asked to change their passwords. The company has not determined who is responsible for the attack.
Facebook said in a blog post “we’ve taken immediate action to secure these accounts and let users know what happened.”
It said that the security issue was patched Thursday.