Facebook said that nearly 50 million accounts were affected by a network vulnerability that left personal information available to attackers, the company vice president of product management Guy Rosen wrote in a news release.
Rosen said the vulnerability was rooted in the “view as” feature on the site, which lets users preview what their profile looks like to friends and the public.
“This allowed them to steal Facebook access tokens which they could then use to take over people’s accounts. Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app,” Rosen wrote.
As a result, about 50 million affected accounts were logged out, as well as another 40 million accounts in a precautionary measure, according to the site. Users will have to log back in to their accounts, and when they are back online, they will have a notification explaining why they had been logged out.
About 2 billion people use Facebook worldwide, so about 4.5 percent of the site’s users have had their accounts reset.
Facebook said it did not know who the hackers were, what, if any, information was taken, or if any of the accounts were misused. The company said it was still in the early stages of an investigation, and that the “view as” feature is also being disabled for now.
“People’s privacy and security is incredibly important, and we’re sorry this happened. It’s why we’ve taken immediate action to secure these accounts and let users know what happened. There’s no need for anyone to change their passwords,” Rosen wrote.
It’s only the latest instance of Facebook’s struggle to secure user data. Earlier in 2018, Facebook founder and CEO Mark Zuckerburg testified before Congress after reports that user data was improperly shared to the firm Cambridge Analytica. About 21 million people were also affected by a hack on Facebook related to the “Timehop” program earlier in July, according to Forbes.