Facebook said on Friday it discovered a security breach that affects nearly 50 million user accounts. “We’re taking this incredibly seriously and wanted to let everyone know what’s happened and the immediate action we’ve taken to protect people’s security,” the company said in a statement.
Facebook says the hackers took advantage of a “vulnerability in Facebook’s code” that gave them access to special “digital keys” that keep people logged into their accounts without needing to re-enter their password.
Getting these digital keys meant the hackers could then use those keys to “take over people’s accounts,” the company wrote in a blog post.
CEO Mark Zuckerberg told reporters Friday that the company discovered the vulnerability on Tuesday and fixed the issue Thursday night. He said that it’s unknown if these hackers were able to successfully access personal data from Facebook users.
It’s the latest in what has been a long list of incidents with Facebook over the past two years. A software bug unveiled earlier this year changed users’ privacy settings without their knowledge or consent. A separate bug accidentally unblocked people that users had chosen to block, potentially jeopardizing user safety.
The social network already faces multiple federal investigations into its privacy and data-sharing practices, including one probe by the Federal Trade Commission, and another conducted by the Securities and Exchange Commission. Both have to do with its disclosures around Cambridge Analytica.
Facebook may also face unprecedented scrutiny in Europe, where the new General Data Protection Regulation, or GDPR, requires companies disclose a breach to a European agency within 72 hours of it occurring. In cases of high risk to users, the regulation also requires that they be notified directly. Facebook says it has notified the Irish Data Protection Commission about the issue.