Facebook said it informed users on Friday the company discovered attackers using a new technique to potentially take over user accounts–putting 50 million accounts at risk and forcing the company to take preventative action on 90 million accounts.
“Attackers exploited a vulnerability in Facebook’s code that impacted ‘View As’, a feature that lets people see what their own profile looks like to someone else. This allowed them to steal Facebook access tokens which they could then use to take over people’s accounts,” Facebook stated in its blog.
The said it contacted law enforcement, turned off the feature, reset access tokens for 50 million accounts, and required 90 million accounts to log back into the site. The company also assured users that there is no need to reset passwords.
“Since we’ve only just started our investigation, we have yet to determine whether these accounts were misused or any information accessed. We also don’t know who’s behind these attacks or where they’re based. We’re working hard to better understand these details,” the company said.