News of a hack affecting 50 million Facebook users made waves Friday among the social network’s more than 2 billion monthly active users.
A vulnerability in the site’s “View As” feature, which lets users see what their profile looks like from someone else’s view, allowed an attacker to steal access tokens that would provide entry to people’s personal accounts, Facebook said in a blog post.
Between the estimated 50 million accounts whose access tokens were compromised, and the 40 million more users whose accounts Facebook reset as a “precautionary step,” an estimated 90 million users were logged out of their Facebook accounts on Friday.
The affected “access tokens” are what keep users logged into Facebook on their devices, and saves them from having to re-enter their password every time they want to use the site. Because of the hack, Facebook has already reset these access tokens, which means that if you were affected by the hack, you’ll notice that you have been automatically logged out of your Facebook account, as well as any other apps that use Facebook to login.
Although you will to have to log back into your account, you do not have to change your passwords, Facebook said.
Facebook wrote in its post that affected users “will get a notification at the top of their News Feed explaining what happened” after logging back in. However, several Business Insider reporters who were required to log back into their accounts said they did not see any type of message upon re-entry.
The “View As” feature, the source of the vulnerability, has been disabled for the time being. The feature became open to attack in July 2017 when Facebook edited its video uploading, Facebook said. If you try to access the “View As” feature now, an error message appears saying that it has been “temporarily disabled”:
Facebook CEO Mark Zuckerberg posted Friday that the company was unsure whether the affected accounts were actually accessed. He emphasized that logging out the additional 40 million people — which includes users who have ever used the “View As” feature — was simply precautionary.
“We face constant attacks from people who want to take over accounts or steal information around the world,” Zuckerberg wrote. “While I’m glad we found this, fixed the vulnerability, and secured the accounts that may be at risk, the reality is we need to continue developing new tools to prevent this from happening in the first place.”