Social media superpower Facebook announced on Friday that millions of the company’s users have been victims of a data breach. According to Reuters, hackers cracked login codes for “up to 50 million” accounts in what is being called the worst security incident in the company’s history.
“This is a very serious security issue, and we’re taking it very seriously,” said Facebook CEO Mark Zuckerberg while speaking to reporters, according to CNBC.
In response to the security breach, several U.S. lawmakers called for an increase in personal data protection laws.
“This is another sobering indicator that Congress needs to step up and take action to protect the privacy and security of social media users,” said Senator Mark Warner, via a statement.
According to Reuters, this latest incident actually began in 2017, although the company only discovered the issue on Tuesday.
Hackers were able to utilize an error in the website’s “View As” feature, which allows users to view their profiles as the public sees them. According to CNBC, “three separate bugs” helped hackers obtain crucial “access tokens,” which are “digital keys” that allow users to remain logged into their accounts, even after closing the browser. Facebook reset the about 90 million users’ tokens on Friday as a precaution. The “View As” feature was also temporarily disabled.
According to Market Watch, users who were automatically logged out of their account on Friday morning were likely victims of the breach. Experts encouraged affected users to change their password as well.
“Because the extent of the hack is unknown, we recommend that everyone with a Facebook account updates their Facebook password, as well as any similar passwords that they use for other online accounts,” said Dashlane CEO, Emmanuel Schalit, while speaking to Market Watch. “Each of your online accounts should have a unique, complex password — this is especially true of accounts that contain sensitive personal information like social media accounts, banking accounts, and email accounts.”
Facebook also announced it would be doubling the number of employees working on cybersecurity. The company has alerted the appropriate US federal law enforcement agencies, as well as cybersecurity officials in Ireland.
“Security is an arms race, and we’re continuing to improve our defenses,” Zuckerberg said, according to CNBC. “This just underscores there are constant attacks from people who are trying to underscore accounts in our community.”
In the wake of the announcement, Facebook’s stock dropped by more two and a half percent on Friday, according to Market Watch.
This setback is the latest in a series of issues the company has faced recently. Earlier this year, the company testified in front of the Senate Intelligence Committee to answer questions regarding the 2016 presidential election. The company also came under fire after it was made public that 87 million of the website’s users had their data obtained by political consultant firm Cambridge Analytica.