Facebook Cybersecurity Risk Alert: On Tuesday, September 25th, Facebook discovered a security breach affecting approximately 50 million users. Attackers exploited a vulnerability in the “View As” feature of Facebook, which allows users to view their profile from the perspective of another user. As a result of the exploit, the attackers stole Facebook access tokens, which could have allowed them to gain control of the user accounts. Access tokens are digital keys that keep users logged in to Facebook and do not require users to re-enter their password every time they use the application.
At this time, it has not been determined whether any information was accessed or if the affected accounts were compromised in any other way. The breach was reported to law enforcement on Tuesday. The attackers have not yet been identified and the investigation into the incident is still in its early stages.
The vulnerability was remediated Thursday (yesterday) evening. Approximately 50 million accounts have had their access tokens reset and, an additional 40 million accounts have had their access tokens reset as a precautionary step. Today, the 90 million users were prompted to re-login to their Facebook accounts or any other applications that use Facebook login. Once logged in, an explanation of the breach will be available to users at the top of their News Feed.
The “View As” feature has been temporarily disabled for security purposes.
For additional information and information on how you can take immediate action to secure your Facebook account,
please visit: https://newsroom.fb.com/news/2018/09/security-update/