On Friday, Facebook confirmed that an unknown, malicious outside entity hacked the social network and put nearly 50 million accounts at risk.
The social networking giant has confirmed today that on September 25th, hackers used a vulnerability in the code used by the “View As” feature to steal access tokens tied to Facebook accounts. View As allows Facebook users to see how their profile appears to other users. Those access tokens are what keep individual Facebook users logged into their accounts.
Facebook’s confirmation says that nearly 50 million accounts were directly affected by the hack. The company has already alerted law enforcement and says it has patched the vulnerability. In addition, Facebook has reset the access tokens for the affected 50 million accounts and has also reset access tokens for 40 million additional accounts that were accessed with the View As feature within the last year.
Facebook says if your account is part of that 90 million-wide net, you’ll need to log out and then log back in. However, the company says that changing your password should not be a requirement. Finally, the company has yet to identify the hackers, and it says that it does not know if any personal information was stolen in the process.
This is a major issue for Facebook, especially considering how many accounts were affected. It’s good they’ve patched the vulnerability pretty quickly, but hopefully it isn’t discovered later that a ton of personal information was also stolen in the process.