Should I Change My Facebook Password? Major Security Breach Affecting 50 Million Accounts Reported

Facebook announced Friday that nearly 50 million accounts were compromised due to a security breach. The hack was discovered Tuesday and Facebook made an announcement Friday afternoon. 

The issue was announced through a blog post on the Facebook Newsroom website.

facebook logo A picture taken in Paris on May 16 shows the logo of the social network Facebook on a broken screen of a mobile phone. The company announced a security breach Friday. Joel Saget/AFP/Getty Images
"There’s no need for anyone to change their passwords. But people who are having trouble logging back into Facebook — for example because they’ve forgotten their password — should visit our Help Center," Facebook said. 

Users can, however, go to the "Security and Login" part of the website to see if there are any logins to their account from a device that does not belong to them. 

The hackers used a weakness in the code with the "View As" feature of Facebook, the company's statement said. But the development is so new that Facebook said it is still gathering information. Gaining access through "View As" allowed the hackers to get access tokens on the site for the nearly 50 million user profiles.   

"Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app," Facebook said. 

Facebook said it fixed the vulnerability and reset the access tokens as well. Facebook CEO Mark Zuckerberg shared on his own Facebook account news about the breach. "We patched the issue last night and are taking precautionary measures for those who might have been affected," he wrote Friday. 

He also shared that anyone who used the "View As" feature since the vulnerability was introduced would be logged out of their account and would need to log back in.

While Facebook is still conducting a review of the security of the site, the "View As" feature is going to be unavailable. Facebook said it was unsure whether any of the information from the accounts that were compromised was accessed or whether the accounts were misused. 

"We face constant attacks from people who want to take over accounts or steal information around the world. While I'm glad we found this, fixed the vulnerability, and secured the accounts that may be at risk, the reality is we need to continue developing new tools to prevent this from happening in the first place," said Zuckerberg's post.

This is a developing story and will be updated as more information becomes available. 

Join the Discussion

Editor's Pick