An attack on Facebook discovered earlier this week exposed information on nearly 50 million of the social network’s users, the company announced Friday.
The attackers exploited a feature that lets users see their Facebook page the way someone else would. They could then potentially use it to take over the accounts. Facebook said it does know who the attackers were or where they were based. It also said it has already fixed the issue and informed law enforcement. More than 90 million users were forced to log out of their accounts on Friday for security reasons.
The company says it does not know if the affected accounts were misused in any way or if any user information was actually accessed. It has turned off the “View As” feature that the attackers exploited while it investigates. It believes the vulnerability appeared after it made a change to a video uploading feature in 2017.
The attackers stole Facebook “access tokens” which keep a person logged into their Facebook account over long periods of time so they don’t have to keep signing in. Facebook reset all 50 million, as well as tokens for an additional 40 million as a “precautionary step.”
It is holding a call with members of the press at 1 p.m. ET to discuss the attack.
The announcement is the latest issue for the company, which has struggled with security breaches, privacy issues and misinformation in recent years.
CEO Mark Zuckerberg has said in the past that fighting bad actors on the platform is a ” never-ending battle.”