Facebook said on Friday it found a security flaw in almost 50 million accounts that would allow hackers to take over people’s profiles, an additional blow to the social network’s record on privacy.
Facebook did not say how many accounts had been taken over through the vulnerability.
The company in a blog post said that someone had used the vulnerability to attack its network, although it did not know who was behind the attempt. Facebook said it had yet to determine whether any accounts were misused or if any information was improperly accessed.
“We’re continuing to look into this and we’ll update when we know more,” Facebook CEO Mark Zuckerberg said on a call with reporters.
The flaw in Facebook’s code was related to the social network’s “view as” feature, which lets people see what their own profile looks like to someone else. Facebook said it had disabled the feature for now and was resetting the digital keys that 50 million people use to log in, as well as the digital keys of another 40 million accounts that had been “subject” to a “view as” look-up in the past year.
Facebook said it had fixed the vulnerability since discovering it on Tuesday, and had also informed law enforcement including the FBI and Ireland’s data protection commission. Facebook serves its European users from a regional headquarters in Ireland.
Facebook, the world’s largest social media service with more than 2.2 billion monthly users, has been trying to repair its reputation among users after an earlier privacy scandal, in which the personal information of up to 87 million people ended up in the hands of political consultancy Cambridge Analytica.
“This is clearly a breach of trust, and we take this very seriously,” Guy Rosen, Facebook’s vice president of product management, said on the call.
Shares in Facebook fell after the company’s latest announcement. They traded at $162.87, down 3.5 percent.
Shares in Facebook fell 3.5 percent after the company’s announcement.
Zuckerberg said Facebook faces constant hacking attempts and would continue spending heavily on security. “We need to do more to prevent this from happening in the first place,” he said.