Shares in Facebook fell more than 3% as the social media company said it discovered a security breach earlier this week that affected almost 50 million accounts.
The company said it has fixed the breach, which allowed hackers to take over people’s accounts.
The network said in a statement that it has told law enforcement authorities about the breach.
There was a loophole in Facebook’s code for a feature called ‘view as’ that let people see what their account looks like to someone else.
The vulnerability allowed people to steal access tokens — digital keys that keep people logged into Facebook so they don’t need to re-enter passwords.
Once logged in, the attackers could take control.
“This attack exploited the complex interaction of multiple issues in our code. It stemmed from a change we made to our video uploading feature in July 2017, which impacted ‘view as’,” Facebook said.
“The attackers not only needed to find this vulnerability and use it to get an access token, they then had to pivot from that account to others to steal more tokens.”
Everyone whose profile used the ‘view as’ tool in the last year will have to log in again to Facebook and to any apps that used Facebook to log in.
From there, they’ll be able to see a statement from Facebook explaining what happened.
The company estimated that about 90 million people will have to log in again.
It is the latest in a series of negative events involving Facebook, which employs around 3,000 in Ireland.
The firm, headed by Mark Zuckerberg, said it was taking the incident “incredibly seriously” and that its investigation was still in the early stages.
A blog post by vice president of product management Guy Rosen said: “Since we’ve only just started our investigation, we have yet to determine whether these accounts were misused or any information accessed.
“We also don’t know who’s behind these attacks or where they’re based.
“We’re working hard to better understand these details — and we will update this post when we have more information, or if the facts change.
“People’s privacy and security is incredibly important, and we’re sorry this happened. It’s why we’ve taken immediate action to secure these accounts and let users know what happened,” he said.
Bloomberg and Irish Examiner