We are excited to bring Transform 2022 back in-person July 19 and virtually July 20 - 28. Join AI and data leaders for insightful talks and exciting networking opportunities. Register today!
(Reuters) — Facebook said on Friday that hackers had discovered a security flaw that allowed them to take over up to 50 million user accounts, a major breach that adds to a bruising year for the company’s reputation.
Facebook, which has more than 2 billion monthly active users, said it has been unable to determine yet whether the attackers misused any of the affected accounts or stole private information.
Facebook made headlines earlier this year after the data of 87 million users was improperly accessed by Cambridge Analytica, a political consultancy. The disclosure has prompted government inquiries into the company’s privacy practices across the world, and fueled a “#deleteFacebook” movement among consumers.
Shares in Facebook fell more than 3 percent in afternoon trading, weighing on major Wall Street stock indexes.
The latest vulnerability had existed since July 2017, but Facebook did not discover it until this month when it spotted an unusual increase in use of its “view as” feature.
“View as” allows users to see what their own profile looks like to someone else. The flaw inadvertently issued users of the tool a digital code, similar to browser cookie, that could be used to post from and browse Facebook as if they were someone else.
The company said it fixed the issue on Thursday. It also notified the U.S. Federal Bureau of Investigation, Department of Homeland Security and Irish data protection authority about the breach.
Facebook reset the digital keys of the 50 million affected accounts, and as a precaution reset those keys for another 40 million that have been looked up through the “view as” option over the last year.
About 90 million people will have to log back into Facebook or any of their apps that use a Facebook login, the company said.
Facebook is also temporarily disabling “view as,” it said.
In 2013, Facebook disclosed a software flaw that exposed 6 million users’ phone numbers and email addresses to unauthorized viewers for a year, while a technical glitch in 2008 revealed confidential birth-dates on 80 million Facebook users’ profiles.
VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn more about membership.