Facebook released a statement today about another data breach. According to the statement, Facebook’s engineering team found the latest issue on September 25. The issue is said to have affected around 50 million accounts, and Facebook has taken action on another 40 million accounts that could have also been affected.
So, What Happened?
This security issue is related to Facebook’s “View As” feature that allows users to view their own profile as it looks to their friends and other Facebook users. The bug allowed attackers to use the feature to steal Facebook access tokens which they exploit to take over other people’s accounts.
“Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they open the app.” –Security Update, Facebook
Facebook is still investigating, and hasn’t determined whether the vulnerability was actually misused in any way. In response to the bug, Facebook has reset access tokens for around 50 million affected accounts, and for an additional 40 million users who used the “View As” feature in the past year. These users will need to log back in to their account after having their access token reset.
According to the company’s statement, the bug is the result of a change to its video uploading feature it made in July 2017.
Rough Year for Facebook Gets Rougher
2018 has been a hard year for Facebook. It has had to deal with the Cambridge Analytica scandal and senate hearings, and its stock price fell considerably after announcing it would be focusing on privacy in the coming months which will impact its profits.