MENLO PARK, Calif. (KGO) -- Facebook says it is taking a number of steps to address a recent security breach affecting nearly 50 million user accounts.
CEO Mark Zuckerberg said they discovered that an attacker exploited a technical vulnerability to steal access tokens that would allow them to log into about 50 million people's accounts.
In a Facebook post, Zuckerberg listed the following steps they've taken:
- We patched the security vulnerability to prevent this attacker or any other from being able to steal additional access tokens. And we invalidated the access tokens for the accounts of the 50 million people who were affected - causing them to be logged out. These people will have to log back in to access their accounts again. We will also notify these people in a message on top of their News Feed about what happened when they log back in.
- As a precautionary measure, even though we believe we've fixed the issue, we're temporarily taking down the feature that had the security vulnerability until we can fully investigate it and make sure there are no other security issues with it. The feature is called "View As" and it's a privacy tool to let you see how your own profile would look to other people.
- As an additional precautionary measure, we're also logging out everyone who used the View As feature since the vulnerability was introduced. This will require another 40 million people or more to log back into their accounts. We do not currently have any evidence that suggests these accounts have been compromised, but we're taking this step as a precautionary measure.
Here are more details about the breach and what the company is doing to ensure users' safety.
See more stories, photos, and videos on Facebook.