Facebook revealed today that its computer network was breached by hackers, exposing the personal information of almost 50 million users.
“The company said it discovered the breach this week,” The New York Times reports. “The attackers exploited a feature in Facebook’s code that allowed them to take over user accounts. Early Friday, Facebook forced more than 90 million users to log out of their accounts, a common safety measure taken when accounts have been compromised.”
Facebook said it had fixed the vulnerability and had notified law enforcement officials.
Facebook CEO Mark Zuckerberg said in a conference call with reporters: “We’re taking it really seriously. I’m glad we found this, but it definitely is an issue that this happened in the first place.”
Facebook had yet to fully assess the scope of the attack, with its investigation still in the early stages.
“The attackers exploited two bugs in the site’s ‘view as’ feature, which allows users to view their own profiles as if they were someone else, Facebook said. The feature was built to give users more control over their privacy,” The Times reports. “That was compounded by a flaw in Facebook’s video-uploading program, a software feature that was introduced in July 2017, the company said. The flaw allowed the attackers to steal so-called access tokens — digital keys that allow access to an account.”