Facebook has been hit with a data breach affecting around 50 million users, and forcing 90 million to log back in, the social media giant announced on Friday.
The breach was discovered on September 25. Hackers were able to get in using Facebook’s “ViewAs” feature, the firm said in a blog post.
This enabled the attackers to create access tokens to hijack user accounts. They also reportedly gained profile information on Facebook users, enabled by Facebook’s video uploading feature.
The episode draw worldwide attention, and left observers aghast.
“These types of incidents serve as a reminder that no organization is immune to cyber threats,” says Matthew Maglieri, CISO for Ashley Madison. “Facebook is at the forefront of web application security and have an incredibly talented team dedicated to protecting the security and privacy of their users.”
On Facebook itself, users made such comments as: “Well, this explains what happened to me -- and 90 million other people -- this morning.”
The firm notified law enforcement. But FTC Rohit Chopra tweeted “I want answers,” according to USAToday.
Meanwhile, Facebook CEO Mark Zuckerberg told reporters: “We are still in the early stags of investigating this, according to USA Today. “We do not know if any the accounts were actually misused.
He added that the breach was closed on Thursday night, according to reports. But Gary Rosen, vice president of product management, reportedly said, “We may never know who is behind this.”
This follows an AP report on Thursday srating that European Union lawmakers have submitted a draft resolution demanding that that Facebook submit to a a full and independent audit of its platform investigating data protection and security of personal data" in the wake of the Cambridge Analytica scandal.
The New York Post reports that Facebook shares have fallen by 3.1% to $163.66.