Facebook said on Friday it found a security flaw in almost 50 million accounts that would allow hackers to take over people’s profiles, a potential additional blow to the social network’s record on privacy.
Facebook did not say how many accounts had been taken over through the vulnerability.
The company in a blog post said that someone had used the vulnerability to attack its network, although it did not know who was behind the attempt. Facebook said it had yet to determine whether any accounts were misused or if any information was improperly accessed.
“We’re continuing to look into this and we’ll update when we know more,” Facebook CEO Mark Zuckerberg said on a call with reporters.
The flaw in Facebook’s code was related to the social network’s “view as” feature, which lets people see what their own profile looks like to someone else. Facebook said it had disabled the feature for now and was resetting the digital keys that 50 million people use to log in, as well as the digital keys of another 40 million accounts that had been “subject” to a “view as” look-up in the past year.
Facebook said it had fixed the vulnerability since discovering it on Tuesday, and had also informed law enforcement.
Zuckerberg said Facebook faces constant hacking attempts and would continue spending heavily on security.
“We need to do more to prevent this from happening in the first place,” he said.
Zuckerberg also addressed the flaw in a post to his personal Facebook account.