SAN FRANCISCO — Facebook on Friday said an attack on its computer network led to the exposure of information from nearly 50 million of its users.
The company discovered the breach earlier this week, finding that attackers had exploited a feature in Facebook’s code that allowed them to take over user accounts. Facebook fixed the vulnerability and notified law enforcement officials.
More than 90 million of Facebook’s users were forced to log out of their accounts Friday morning, a common safety measure for compromised accounts.
Facebook said it did not know the origin or identity of the attackers, nor had it fully assessed the scope of the attack. The company is in the beginning stages of its investigation.
The discovery of the hack comes at one of the most difficult times in Facebook’s history. The company has dealt with fallout over its role in a widespread Russian disinformation campaign around the 2016 presidential election.
The company is facing the threat of regulation from Washington over concerns of whether it has grown too powerful. And Facebook is still reeling from the fallout over its role in the Cambridge Analytica scandal. The British analytics firm may have improperly obtained the data of up to 87 million Facebook users.
One of Facebook’s most significant challenges has been convincing its users that it is responsible enough to handle the incredible wealth of data the company handles. More than 2 billion people use Facebook every month, and another two billion separately use WhatsApp, a messaging app owned by Facebook, and Instagram, the Facebook-owned popular photo-sharing app.
“We have a responsibility to protect your data, and if we can’t then we don’t deserve to serve you,” Mr. Zuckerberg said in a statement regarding Cambridge Analytica earlier this year.
Even before Friday’s disclosure, Facebook was facing multiple Federal investigations into the company’s broader data sharing and privacy practices. The Securities and Exchange Commission has opened an investigation into Facebook’s statements on Cambridge Analytica.
To contain the fallout, Facebook said it has instituted strict data-sharing policies with third-parties, and has scaled back the amount of data it would share with developers in the future. The company suspended access to more than 400 third-party apps after an audit of the thousands of outside apps connected to Facebook.