Facebook discovered security issue affecting almost 50 million accounts
You may have noticed on Friday that you were required to re-enter your password before logging into Facebook. According to Facebook, it discovered a security breach affecting nearly 50 million accounts, and it is not yet clear whether any information was accessed or any accounts were otherwise misused.
The vulnerability that caused the breach was found Tuesday and was fixed on Thursday night, Facebook says.
It was the result of bugs introduced into Facebook's code in July 2017. No passwords or credit card numbers were stolen, the company says.
But as a result of the breach, attackers could gain access to a user's account — hypothetically giving them the ability not only to view information, but to use the account as though they were the account holder.
"We do not yet know if any of the accounts were actually misused," Facebook CEO Mark Zuckerberg told reporters Friday.
"This is a really serious security issue, and we are taking it really seriously."
The company said it is working with the FBI and conducting an investigation, which is "still in its early stages."
Facebook does not yet know who carried out the attacks or where they were based. The company knows the attackers attempted to access profile information, but not whether they succeeded; it does not yet have evidence that the attackers accessed private messages or posted to accounts.
* FACEBOOK SAYS ON SEPTEMBER 25, CO’S ENGINEERING TEAM DISCOVERED SECURITY ISSUE AFFECTING ALMOST 50 MILLION ACCOUNTS
* FACEBOOK SAYS INVESTIGATION IS STILL IN ITS EARLY STAGES ABOUT LATEST SECURITY INCIDENT
* FACEBOOK SAYS SINCE CO JUST STARTED THE INVESTIGATION, CO HAS YET TO DETERMINE WHETHER THESE ACCOUNTS WERE MISUSED OR ANY INFORMATION WAS ACCESSED
* FACEBOOK SAYS CO ALSO DOES NOT KNOW WHO IS BEHIND THE ATTACKS OR WHERE THEY ARE BASED
* FACEBOOK SAYS ATTACKERS’ EXPLOITATION OF CO’S CODE ALLOWED THEM TO STEAL FACEBOOK ACCESS TOKENS THAT COULD BE USED TO TAKE OVER PEOPLE’S ACCOUNTS
* FACEBOOK SAYS IF IT FINDS MORE AFFECTED ACCOUNTS, IT WILL IMMEDIATELY RESET THEIR ACCESS TOKENS
* FACEBOOK SAYS FIXED THE VULNERABILITY IN FACEBOOK’S CODE THAT IMPACTED “VIEW AS” FEATURE AND INFORMED LAW ENFORCEMENT
* FACEBOOK SAYS RESET THE ACCESS TOKENS OF THE ALMOST 50 MILLION ACCOUNTS THAT IT KNOWS WERE AFFECTED TO PROTECT THEIR SECURITY
* FACEBOOK SAYS TEMPORARILY TURNING OFF ITS “VIEW AS” FEATURE WHILE CONDUCTING A SECURITY REVIEW
* FACEBOOK SAYS ALSO PRECAUTIONARILY RESETTING ACCESS TOKENS FOR ANOTHER 40 MILLION ACCOUNTS THAT HAVE BEEN SUBJECT TO A “VIEW AS” LOOK-UP IN THE LAST YEAR
* FACEBOOK SAYS AROUND 90 MILLION PEOPLE WILL NOW HAVE TO LOG BACK IN TO FACEBOOK
* FACEBOOK SAYS LATEST SECURITY INCIDENT STEMMED FROM A CHANGE MADE TO FACEBOOK’S VIDEO UPLOADING FEATURE IN JULY 201
Read more on NPR