Facebook explains security breach that affected 50million users this week
Facebook has announced that almost 50 million of its users were left exposed by a security flaw early this week.
The American company said ‘attackers’ were able to exploit a vulnerability in a feature known as ‘View As’ to gain control of people’s accounts.
The breach was discovered on Tuesday, Facebook said, with potentially affected users prompted to severally re-login on Friday.
Nairobi News can confirm several Kenyan users were affected.
The flaw has however since been fixed, wrote the firm’s vice-president of product management, Guy Rosen, adding all accounts had been reset, as well as another 40 million ‘as a precautionary step’.
Facebook which saw its share price drop more than 3% on Friday has more than two billion active users.
The company has confirmed that the breach would allow hackers to log in to other accounts that use Facebook’s system, of which are many.
This means other major sites, such as AirBnB and Tinder, may also be affected.
Who has been affected?
The firm would not say where in the world the 50 million users are, but it has informed Irish data regulators, where Facebook’s European subsidiary is based.
The company said the users prompted to log-in again did not have to change their passwords.
“Since we’ve only just started our investigation, we have yet to determine whether these accounts were misused or any information accessed. We also don’t know who’s behind these attacks or where they’re based. “
He added: “People’s privacy and security is incredibly important, and we’re sorry this happened.”
The company has confirmed that Facebook founder Mark Zuckerberg and its chief operating officer Sheryl Sandberg were among the 50 million accounts affected.
What is ‘View As’?
Facebook’s “View As” function is a privacy feature that allows people to see what their own profile looks to other users, making it clear what information is viewable to their friends, friends of friends, or the public.
Attackers found multiple bugs in this feature that “allowed them to steal Facebook access tokens, which they could then use to take over people’s accounts”, Mr Rosen explained.
“Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app,” he added.