If you were asked to log into your Facebook account on Friday without any particular reason, then yours was possibly one of the 50 million accounts that were compromised in a hacker attack.
The security breach, which Facebook said took place on Tuesday, was only revealed on Friday.
The attack took place through the “View As” function, which allows users to see how their own profile appears to other people. Hackers used bugs in the feature that “allowed them to steal Facebook access tokens, which they could then use to take over people’s accounts,” vice-president of product management Guy Rosen said.
Another 40 million accounts have also been reset as a precautionary measure. When news of this breach emerged, the value of Facebook shares dropped by 3%.
Following the attack, Facebook logged everyone out of all 90 million accounts in order to reset digital keys the hackers had stolen—keys normally used to keep users logged in, but which could also give outsiders full control of the compromised accounts.
Although Facebook said users don’t need to change their passwords, security experts said there would be no harm in doing so.
Facebook doesn’t know who was behind the attacks or where they’re based. In a call with reporters on Friday, Facebook CEO Mark Zuckerberg—whose own account was compromised—said that attackers might have viewed private messages or posted on someone’s account, but there’s no sign that this happened.
“We do not yet know if any of the accounts were actually misused,” Zuckerberg said.
Facebook is already facing huge criticism over the way it handles users’ data, including the Cambridge Analytica scandal, where around Facebook users – and their friends – had their personal data improperly obtained by a political research firm linked to Donald Trump’s presidential campaign. Only one month ago, Facebook permanently banned the personality quiz app ‘myPersonality’ as up to four million people might have had their personal data mishandled by the app.
Rosen said the company informed the authorities of the breach and that Facebook was working with the FBI.
“The investigation is early, and it’s hard to discover who is behind this,” Rosen said. Facebook shares fell about 3% following the disclosure.
Articles about the data breach by the Guardian and the Associated Press were temporarily flagged as spam on Facebook and users were unable to share news of the attack on their profiles.