Facebook Hacked, Putting 50 Million Users' Personal Information At Risk

27/09/2018

Facebook announced that it experienced a data breach on September 25th affecting at least 50 million users.

Disclosing the data breach, the social media giant said an "attack" on its system led to "the exposure of information," according to a statement from CEO Mark Zuckerberg.

"We’re taking it really seriously," Zuckerberg said. "I’m glad we found this, but it definitely is an issue that this happened in the first place."

He also said that the company has patched the vulnerability exploited by the attackers, and that it is investigating the issue internally, as well as with the authorities.

Guy Rosen, Facebook’s VP of Product Management, described some of the details:

"[...] It’s clear that attackers exploited a vulnerability in Facebook’s code that impacted 'View As', a feature that lets people see what their own profile looks like to someone else. This allowed them to steal Facebook access tokens which they could then use to take over people’s accounts."

"Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app."

What the attackers did here was exploit a feature in Facebook’s code that allowed them to take over users' accounts.

The flaw originated from two bugs: the first was found in the site's 'View As' feature, which allows users to view their own profiles as if they were someone else, Facebook said. The feature was intentionally built to give users more control over their privacy.

That feature unfortunately had issues.

Compounded with a flaw in Facebook's video-uploading feature that was introduced back in July 2017, the attackers were able to steal access tokens, which are digital keys that allow access to users' accounts.

Following the breach, the social giant logged at least 90 million users out of their accounts, as a security precaution and a standard procedure. It also reset account access tokens, and turned off the 'View As' feature temporarily.

Facebook - Cambridge Analytica

The attack was discovered as Facebook continued to contend with the aftermath of its role in a widespread Russian disinformation campaign during the 2016 presidential election, and also from the Cambridge Analytica scandal, which exposed personal data of up to 87 million Facebook users.

The company also faces the prospect of federal regulation amid questions about whether it has grown too powerful.

As the largest social media network in the world, Facebook boasts billions of monthly active users. The challenges it frequently faces include convincing users that it can handle the incredible wealth of data it has access to.

"We have a responsibility to protect your data, and if we can’t then we don’t deserve to serve you," Zuckerberg said in a statement regarding Cambridge Analytica.