“We have yet to determine whether these accounts were misused or any information accessed. We also don’t know who’s behind these attacks or where they’re based,” said product management VP Guy Rosen.
Facebook has launched a detailed investigation into the matter and promised to take immediate action to ensure users’ security
It is suspected that hackers sneaked into access tokens, which function as digital keys to let users remain online without having to repeat the process all over again whenever they sign in. The bug will ultimately allow the hackers to access the profiles. According to the post, the access tokens of all accounts have been affected.
Facebook claims to have fixed the snag that caused the break-in by resetting the tokens of the affected users and alerted the law enforcement agencies. The security update has also been applied to around 40 million more accounts, which were subject to a ‘View As’ lookup last year. Also, all the 90 million users have been alerted about the breach, requiring them to re-login.
A few months ago, Facebook encountered a similar data breach and admitted that a technical glitch in the users’ settings made a huge volume of private messages accessible to ‘public’, affecting 14 million users. The bug intruded into users’ profiles and reset their privacy preferences, making private posts visible to virtually everyone who uses the platform.
Earlier this month, Facebook COO Sheryl Sandberg had testified before the Senate facing questions on various cases of data breach on the platform, including the one involving controversial UK firm Cambridge Analytica. Then, Sandberg had vowed to have a comprehensive security system in place to prevent such incidents from happening in the future.
Friday’s news triggered a selloff and Facebook shares lost more than 3% in the afternoon, extending the downward slide that began earlier this week.