Hackers were able to access nearly 50 million Facebook accounts by exploiting a security vulnerability, the company said Friday. In response, Facebook logged about 90 million users out of their accounts as a security measure.
Exploiting a feature called “View As,” which allows Facebook users to see their profiles as other people do, hackers stole Facebook access tokens. Those tokens keep Facebook users logged in so that they don’t need to enter their password each time they access the app.
Facebook said it is still investigating the incident and does not know the identities or locations of the hackers. The company has notified law enforcement of the breach. Officials from the company know that nearly 50 million accounts were affected and reset access tokens for an additional 40 million as a precaution.
The breach comes at a critical moment for Facebook, which is facing federal investigations and public outcry over how the company handles its massive trove of user data. Earlier this year, the company landed in hot water when Cambridge Analytica used Facebook data for political purposes without users’ consent. Facebook said data from up to 87 million people was illegitimately shared with the British firm.
Facebook and other tech giants are also facing the looming prospect of a federal data privacy law. Amazon, Apple, Google, Twitter, and other big tech companies sent representatives to Washington D.C. this week for a hearing on privacy regulation. Facebook did not attend that hearing but has sent executives to the capital to testify on privacy issues over the past year.