Facebook shares fell in the US Friday and are lower premarket Monday, after the social media firm confirmed a security breach which hit 50 million user accounts. This is the worst security breach at the tech giant and saw hackers steal the access codes of its customers.
Are you looking for fast-news, hot-tips and market analysis? Sign-up for the Invezz newsletter, today.
Facebook shares ended the US Friday trading session 2.59% lower at $164.46. The stock is also lower in pre-market activity.
Facebook security breach investigation
Facebook said Friday, that earlier in the week it had discovered a security breach, where attackers exploited the ‘View As’ feature of the Facebook account structure. This option allows users to see what their account looks like to others. Attackers exploited this feature to access user accounts and uncover access codes.
“Earlier this week, we discovered that an external actor attacked our systems and exploited a vulnerability that exposed Facebook access tokens for people’s accounts in HTML when we rendered a particular component of the “View As” feature,” said Pedro Canahuati, VP of Engineering, Security and Privacy at Facebook.
The tech firm said its investigations were still in the preliminary stages. However, it has turned off the ‘View As’ feature and also fixed the three bugs that emerged from the option.
Thorough security review
As part of the investigation, Facebook said it is conducting a thorough security review and as a precaution, had reset the access tokens for an additional 40 million users on top of the 50 million who were definitely affected by the breach.
“Since we’ve only just started our investigation, we have yet to determine whether these accounts were misused or any information accessed,” said Guy Rosen, VP of Product Management at Facebook. “We also don’t know who’s behind these attacks or where they’re based.”
“People’s privacy and security is incredibly important, and we’re sorry this happened. It’s why we’ve taken immediate action to secure these accounts and let users know what happened,” Rosen added.