Facebook engineers discovered a security attack affecting nearly 50 million accounts, the social media network announced Friday, Sept. 28, 2018.
The vulnerability that allowed attackers to take over user's Facebook accounts has been fixed and law enforcement has been contacted, according to a security update posted online Friday by Guy Rosen, Facebook's vice-president of product management.
READ MORE: Smart device apps may foster bad choices
Attackers used a vulnerability in the code for the "View As" feature that allows users to view how others see their profile, the update states. Facebook temporarily disabled the feature while its investigation into the exploit continued.
According to the statement by Rosen:
"Since we’ve only just started our investigation, we have yet to determine whether these accounts were misused or any information accessed. We also don’t know who’s behind these attacks or where they’re based. We’re working hard to better understand these details - and we will update this post when we have more information, or if the facts change. In addition, if we find more affected accounts, we will immediately reset their access tokens."
Facebook users can check where and on what devices they are signed into the site at https://www.facebook.com/settings?tab=security.