More bad news: Facebook has announced that a security exploit allowed attackers to gain control of at least 50 million user accounts.
According to the company, the exploit impacted a feature that lets users see what their profile looks like to another user. In this case, the breach doesn’t appear to involve extracting data from servers. Instead, the defect—introduced by a change to the way videos get uploaded—allowed users to gain control of a user’s account directly, without a password. Facebook says they have fixed the vulnerability and taken steps to protect other users who could have been impacted. “We’re taking this incredibly seriously,” Guy Rosen, Facebook’s vice president of product management, wrote on the company’s behalf.