Facebook on Friday confirmed a breach earlier this week may have compromised the information of up to 50 million users. The breach, however, could potentially allow a person (or group) to completely take over someone’s account.
As of now, Facebook does not know who exploited the code, but law enforcement has been notified.
According to Facebook, hackers exploited a vulnerability in Facebook’s code relating to a “View As” feature, which allows users to see what their profile looks like to someone else.
“This allowed them to steal Facebook access tokens which they could then use to take over people’s accounts,” said Facebook VP of product management, Guy Rosen.
While Facebook admitted at least 50 million accounts were affected by the breach, more than 90 million Facebook users could be at risk. As a result, Facebook is forcing people to sign out of their accounts before signing back in.
Worryingly, Facebook doesn’t yet know the full scope of the hack, though it did confirm the vulnerability has been fixed. Over the coming days, Facebook will continue to assess the damage.
“We’re working hard to better understand these details—and we will update this post when we have more information, or if the facts change,” Rosen said.