Facebook disclosed Friday a widespread security flaw that allowed hackers to access user accounts. The breach has impacted around 50 million people. As a security measure, Facebook says about 90 million users have been required to log back into their accounts, which effectively “resets” their digital key.
“This is a serious issue, and we’re very focused on addressing it and it’s why we’ve patched the vulnerability,” Facebook CEO Mark Zuckerberg said during a conference call with reporters.
Engineers discovered the attack on Tuesday. According to Zuckerberg, the hackers found a vulnerability in the code of what’s called the “View As” feature, which is a privacy function that allows users to see what their Facebook profile looks like to another person. This breach allowed the hackers to access a digital key, which the hackers could have used to take over users’ accounts. The “View As” feature has temporarily been shut off while Facebook conducts a security review.
Guy Rosen, Facebook’s vice president of product management, said during the conference call that it is not clear who might have been behind the attack. Rosen says the company is still assessing the scope of the attack and is in the beginning stages of its investigation. Rosen says they’ve called on the help of the FBI and, in light of General Data Protection Regulation laws, notified the Irish Data Commission of the breach.
“The timing is bad, it’s really the worst time for Facebook,” cybersecurity expert and San Jose State University professor Ahmed Banafa said. “They’re under the microscope.”