Another day, another Facebook security breach. This morning, Friday, September 28th, more than 90 million users awoke to find they’d been logged out of their accounts across all devices overnight. And now, we know why.
The New York Times reports that Facebook discovered an attack on their network earlier this week that exposed the personal information of nearly 50 million users. The discovery prompted them to implement security measures, which included logging 90 million users out of their accounts—the 50 million directly affected by the breach, plus 40 million others as a precaution.
The company revealed that the attackers were exploiting the platform’s “View As” feature, which has since been temporarily disabled while an investigation is conducted. According to Facebook, a software update to its video uploading system last year inadvertently exposed the bug. It allowed hackers to steal the “access tokens” that kept users from having to log into their accounts every time they visited the site.
Facebook said they quickly fixed the bug and notified authorities after discovering the attack, adding that their investigation into the breach is still in the early stages. They aren’t sure who is behind the attack or the extent to which the exposed information was potentially misused.
This new breach comes at a sensitive time for Facebook.
The social networking platform continues to face public scrutiny stemming from the Cambridge Analytica scandal earlier this year. When CEO Mark Zuckerberg testified before Congress, he vowed that the company would do a better job of protecting user data.
Given the recent scandals surrounding Facebook’s handling—and alleged mishandling—of its users’ privacy, this new breach likely leaves many wary about their future use of the social networking platform. We’re definitely longing for the simplicity of our MySpace days.