Facebook says it has discovered a security breach affecting about 50 million user accounts which could have allowed hackers to access those accounts.
The social media giant said Friday it has taken steps to fix the security problem and alerted law enforcement.
The company said hackers exploited the “View As” feature, which lets users see how their own profiles would look to other people. It said hackers were then able to use the security flaw to steel log-in keys, called access tokens, that would allow them to access people’s accounts.
“It’s clear that attackers exploited a vulnerability in Facebook’s code,” vice president of product management Guy Rosen said in a blog post.
Facebook chief executive Mark Zuckerberg said the company does not know if any accounts were actually misused. He said Facebook discovered the breach on Tuesday, and patched it on Thursday night.
Facebook said it took an additional “precautionary step” of resetting the logins of 90 million users. This will require those users to log back in to Facebook the next time they try to access their account.
The breach is the latest privacy embarrassment for Facebook, which earlier this year acknowledged that a political consultancy firm, Cambridge Analytica, gained access to the personal data from millions of user profiles. Facebook has also come under criticism for fake political ads posted on its site from Russia and other countries.
Zuckerberg appeared at a Congressional hearing over the company’s privacy policies in April.
Facebook has more than 2 billion users worldwide.