- Today, Facebook announced that it discovered a security exploit earlier this week that affects 50 million users.
- The security exploit took advantage of the “View As” feature, which lets you view your own profile as others see it.
- As a precaution, the 50 million users (plus another 40 million as a cautionary measure) will be logged out of their accounts and will have to log back in.
Today, Facebook announced that it discovered a security vulnerability within Facebook’s code on Tuesday, September 25, 2018. The Facebook hack could potentially have affected 50 million users.
Facebook’s announcement on the matter assures users that it is “taking this incredibly seriously” and has already “fixed the vulnerability and informed law enforcement.”
As a precaution, Facebook is logging out the 50 million users in question, which should protect them from the dangers of the vulnerability. It is also logging out an additional 40 million users who had interactions with the exploited feature as a precautionary measure, even though it is unlikely those users were affected. Logged-out users can simply log back in afterward, where they’ll be greeted with a message explaining the situation.
The exploit involves a feature within Facebook called “View As.” Using the View As feature, a user can see what their profile looks like when someone else visits it.
The View As feature works by giving a user a security token, very similar to the security token that lets them repeatedly access Facebook without having to log in every time. Hackers apparently exploited this security token to remotely access a user’s profile if the user clicked on the View As feature.
All in all, 90 million Facebook users either were exploited by the hack or used the View As feature at some point in the past year and thus could potentially have been exploited.
Besides logging out those 90 million users, Facebook is also temporarily disabling the View As feature until it can get a grip on what happened and how.
Facebook had this to say about its investigation into the matter:
Since we’ve only just started our investigation, we have yet to determine whether these accounts were misused or any information accessed. We also don’t know who’s behind these attacks or where they’re based.
If this Facebook hack makes you nervous, it seems you are safe if you didn’t use the View As function in the past year. Facebook doesn’t even recommend that users change their passwords for safety’s sake, as the vulnerability is not based on password security. However, if you haven’t changed your Facebook password in a while, now might be a good time to do that anyway.
You can read Facebook’s full statement on the matter here.