Yesterday, Facebook revealed a widespread security fault that could have allowed hackers or malicious third parties to access an affected user’s account by obtaining their security token. The fault has affected as many as 50 million people on Facebook, and the company says it is forcibly making around 90 million users log back into their accounts in full today to be safe.
The company also says it has fixed the issue and has alerted law enforcement, indicating that this is not an engineering mistake but a purposeful exploit discovered and used by hackers or a third-party organization. The engineering team was made aware of the issue on 25th September, but it was not clear whether accounts were compromised at the time of the exploit, or who was behind the attack, said Facebook’s vice president of product management, Guy Rosen.
“On Tuesday, we discovered that an attacker exploited a technical vulnerability to steal access tokens that would allow them to log into about 50 million people’s accounts on Facebook. We do not yet know whether these accounts were misused but we are continuing to look into this and will update when we learn more,” wrote CEO Mark Zuckerberg in a post to his personal Facebook page.