Facebook announced today that earlier this week, it discovered a security breach that affected almost 50 million accounts. The problem was found with Facebook's "View As" feature, which allows users to see what their profile looks like to others. A vulnerability in "View As" allowed hackers to steal Facebook access tokens, which were used to access unsuspecting subscribers' Facebook accounts. These tokens are used as digital keys so that members don't have to sign in every time they use the app.
So far, Facebook says that it has patched the vulnerability and has contacted law enforcement. It has also reset the access tokens of the close to 50 million affected members along with an additional 40 million who were "subject to a 'View As' look up in the last year." That means approximately 90 million Facebook users will have to log in to Facebook again, along with any of the apps they open using their Facebook login. Once these users do sign in, they will receive a notification in their Facebook News Feed with an explanation about what occurred.
While Facebook is investigating, the "View As" feature has been disabled temporarily. Since the investigation is in its earliest stages, Facebook has no idea whether any of the accounts affected were actually misused by hackers, and does not know if any personal information has been stolen. It also has no idea who was behind the attacks.
This has not been a great year for Facebook, with the discovery earlier this year that personal information from 87 million accounts was collected without permission and sold to Cambridge Analytica for use during the 2016 presidential campaign. Earlier this year, Facebook co-founder and CEO Mark Zuckerberg testified about online privacy before Congress twice.