Were you logged out suddenly from your facebook account on Friday by any chance? Facebook says, the logging out was part of action taken by Facebook to plug a security flaw that had affected at least 50 million users.
Data of 50 million Facebook users have been exposed following a massive security breach by unknown hackers, its CEO Mark Zuckerberg said, amid fears that a significant number of the accounts affected could be from India.
“We face constant attacks from people who want to take over accounts or steal information around the world. While I’m glad we found this, fixed the vulnerability, and secured the accounts that may be at risk, the reality is we need to continue developing new tools to prevent this from happening in the first place," Zuckerberg said.
Stressing that the investigation into the incident was still at a nascent stage, Zuckerberg said the social media giant does not know if any of the accounts were misused or who was behind the cyberattacks.
"So far, our initial investigation has not shown that these tokens were used to access any private messages or posts or to post anything to these accounts." "The attackers did try to query our APIs to access profile information fields — like name, gender, hometown, et cetera — but we do not yet know if any private information was accessed that way. We’re continuing to look into this and we will update when we learn more.” he added.
Facebook has invalidated access tokens for the accounts, causing those users to be logged out.
"These people will now have to log back in to access their accounts again and we will also notify these people in a message on top of their News Feed about what happened when they log back in," the chief executive officer said.
In addition to getting in touch with law enforcement agencies, including the FBI, Zuckerberg said Facebook is logging out all users who used the "View As" feature since the flaw was introduced last year as a precautionary measure.
"This will require another 40 million people - or more - to log back into their accounts," he said.
"This is a really serious security issue. And we're taking it really seriously. We have a major security effort at the company that hardens all of our surfaces, and investigates issues like this," he said in response to a question.
"In this case I'm glad that we found this and that we were able to fix the vulnerability and secure the accounts. But it definitely is an issue that this happened in the first place," he said.
Gary Rosen, vice president pf product management at Facebook, said in all 90 million users would have to log back in. "After they have logged back in, people will get a notification at the top of their News Feed explaining what happened," he said.
Facebook said users don't need to change their passwords.
With PTI inputs