Facebook is racing to provide more information to European regulators about a major security breach affecting an estimated 50 million user accounts, with the threat of major GDPR fines hanging over the firm. "This does mean they could access other third-party apps using Facebook login", Guy Rosen, Facebook's vice president of product, said.
In the fresh Facebook data breach case, hackers stole "access tokens" or digital keys that keep people logged in to Facebook so they do not need to re-enter their password every time they use the app. The company says it has fixed the bugs.
Facebook said it spotted the breach after a noticeable spike in user traffic.
Facebook is also facing unprecedented pressure from both high-profile conservatives angry about unfounded claims that West Coast-based tech companies regularly censor them. In total, 90 million user accounts are at risk.
The hack is the latest setback for Facebook during a tumultuous year of security problems and privacy issues. Still, this is among the more serious breaches Facebook has ever suffered. Facebook has a "view as" feature that lets users see what their profile looks like when other people view them. After spotting some unusual activity earlier this month, Facebook realized what was going on on Tuesday evening and subsequently revoked these access tokens before disclosing the hack publicly on Friday - though not before 50 million people were affected. The attack then moved along from one user's Facebook friend to another.
Over the past few days, Facebook noticed massive unwanted traffic in its "view as" feature, forcing company engineers and security experts to scrutinise its backend code.
People are anxious their personal information could have been stolen.
Whitewash! Europe sweep foursomes to stun United States and lead 5-3
We have to go out there and start out hot, put a little pressure on them, and we have to be the better team tomorrow. The Americans, trailing 10-6, had threatened a comeback by winning 3½ of the first five singles points.
"We've identified and removed fake accounts ahead of elections in France, Germany, Alabama, Mexico and Brazil", Zuckerberg said. "It does seem broad".
Neither passwords nor credit card data was stolen, Rosen said. There might be some consequences for the company once the investigation of the incident is completed.
It's also not yet clear who is behind the attack on Facebook, or whether the attacks were targeted, and the reason behind it. Facebook has now patched the vulnerabilities and revoked the compromised access tokens, forcing affected users to log back in (though their passwords haven't been compromised, the company says) and notifying them about the issue.
You didn't forget that Facebook owns Instagram, did you?
On Friday, Facebook revealed that hackers had been able to access accounts due to a security flaw that had remained open for more than a year.
Facebook has suffered two data breaches in recent memory, including the Cambridge Analytica scandal, in which some 87 million accounts were compromised. Then a congressional investigation found that agents from Russian Federation and other countries have been posting fake political ads since at least 2016.
Facebook CEO Mark Zuckerberg speaks during the F8 Facebook Developers conference on May 1, 2018 in San Jose, California.