Facebook has said “nearly 50 million” of its users were left exposed by a security flaw.
The company said attackers were able to exploit a vulnerability in a feature known as “View As” to gain control of people’s accounts.
The breach was discovered on Tuesday, Facebook said, and it has informed police.
Users that had potentially been affected were prompted to re-log-in on Friday.
The flaw has been fixed, wrote the firm’s head of security, Guy Rosen, adding all affected accounts had been reset, as well as another 40 million “as a precautionary step”.
Facebook – which saw its share price drop more than 3% on Friday – has more than two billion active monthly users.
The firm would not say where in the world the 50 million users are, but it has informed Irish data regulators, where Facebook’s European subsidiary is based.
Users that had potentially been affected were prompted to re-log-in on Friday. However, the company said users did not need to change their passwords.
“Since we’ve only just started our investigation, we have yet to determine whether these accounts were misused or any information accessed. We also don’t know who’s behind these attacks or where they’re based.”
He added: “People’s privacy and security is incredibly important, and we’re sorry this happened.”
Facebook’s “View As” function is a privacy feature that allows people to see what their own profile looks like to other users, making it clear what information is viewable to their friends, friends of friends, or the public.
Attackers found multiple bugs in this feature that “allowed them to steal Facebook access tokens, which they could then use to take over people’s accounts”, Mr Rosen explained.
“Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app,” he added.
The breach comes at a time when the firm is struggling to convince lawmakers in the US and beyond that it is capable of protecting user data.
Facebook founder Mark Zuckerberg said on a conference call on Friday that the firm took security seriously, in the face of what he said were constant attacks by bad actors.