Facebook have announced that an estimated 50 million user accounts were affected by a security breach that could allow attackers to take over the accounts.
Facebook says that it discovered the problem on Tuesday, that its internal investigation “is still in its early stages”, and that there is no indication of who might be behind the attack or what user data was taken.
The problem stemmed from a loophole in Facebook’s code for a feature called "View As" that let people see what their account looks like to someone else. The vulnerability allowed people to steal access tokens -- digital keys that keep people logged into Facebook so they don’t need to re-enter passwords.
Once logged in, the attackers could take control of the account. Facebook say that the flaw has now been fixed and that they have reset the access tokens of the 50 million people they consider potentially affected, as well as a further 40 million accounts subject to a “View As” look-up in the last year.
This has meant that around 90 million users have been logged out of their accounts and required to log back in.
Sean Humber, a data breach specialist at Leigh Day, said: “Facebook users will be truly exasperated by this latest massive data breach, coming hot on the heels of the Cambridge Analytica scandal involving the misuse of data of some 87 million users.
“Clearly, Facebook urgently need to get to the bottom of this latest breach and inform affected users what of their personal information was accessed or whether their accounts have been misused. Those affected may well have claims for compensation for the distress caused by this latest breach and loss of personal information as well as any financial losses suffered.”
If you are a UK Facebook user and have received a message from Facebook saying that your personal information may have been breached, or have been logged out of your account and required to log back in, and wish to receive more information about bringing a claim for compensation, then please complete this form.