Mark Huffman Reporter
Facebook reports hackers breached its system and gained access to some 50 million login credentials, in effect giving them access to the accounts.
The breach was uncovered three days ago when it was found that attackers exploited a vulnerability in the platform's "View As" code, a feature that allows users to see what their profile looks like when another person is accessing it.
"This allowed them to steal Facebook access tokens which they could then use to take over people’s accounts," Facebook said in a security update. "Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app."
The social media giant says its engineers have reset the affected access tokens. Affected users will not have to take any action, except they will have to re-enter their username and password the next time they log in to their account.
In addition to the 50 million users whose tokens were compromised, another 40 million had their tokens reset as a precaution. Facebook said they had been subject to a “View As” look-up in the last year.
"As a result, around 90 million people will now have to log back into Facebook, or any of their apps that use Facebook Login," the company said. "After they have logged back in, people will get a notification at the top of their News Feed explaining what happened."
Meanwhile, Facebook said it is temporarily turning off the "View As" feature while it conducts a security review.
Facebook said it has not determined whether any of the compromised accounts were misused or if hackers accessed any information.
The company has been under pressure for much of the year on privacy issues. In March it revealed that a third party firm sold personal information on millions of users to a political marketing firm, in violation of its terms of service.