Illustration: Rebecca Zisser/Axios

Facebook today revealed a “security issue” in which a code flaw could have allowed hackers to take over upwards of 50 million user accounts.

“We face constant attacks from people who want to take over accounts or steal information…We need to do more to prevent this from happening in the first place."
— Facebook CEO Mark Zuckerberg, during a call with reporters.

The big picture: This is just the latest in a long string of recent problems for Facebook, including executive defections, social media interference, privacy concerns, and accusations of anti-conservative bias.

"The original investigation started when we saw a pattern of increased usage to the site and when we dug into that we found this was an attack exploiting that vulnerability."
— Guy Rosen, Facebook's vice president of product management

Why it matters: Facebook's headache is no longer about a third party brokering user data — this is about Facebook's code having a flaw that allows hackers to access personal information in user accounts. And there is nothing users can do about it from a security standpoint but let Facebook roll out an update.

The code vulnerability is related to the “view as” feature on profiles, where users can view their profiles through the eyes of someone else.

  • Facebook says the hack was produced by the interaction of three "bugs" introduced when Facebook updated the video upload feature in July, 2017.

The company does not yet know if information has been misused or accessed, which is something CEO Mark Zuckerberg reiterated during a media call.

  • Passwords were apparently not accessed. Neither was any credit card information.
  • Facebook says it has fixed the code vulnerability, and the "view as" feature is temporarily turned off.
  • The company says it is working with the FBI. It also alerted law enforcement in Europe, per new privacy rules there called GDPR, and the Department of Homeland Security.

Facebook says it first learned of the vulnerability this past Tuesday. On Wednesday it alerted authorities and on Thursday fixed the vulnerability and began resetting access codes.

Go deeper: Everyone unfriends Facebook

Correction: This story has been updated to specify the year of the hack and correct that the bug was in the video upload feature's code.

Go deeper

Updated 2 hours ago - Politics & Policy

Coronavirus dashboard

Illustration: Sarah Grillo/Axios

  1. Global: Total confirmed cases as of 12 p.m. ET: 30,241,377 — Total deaths: 947,266— Total recoveries: 20,575,416Map.
  2. U.S.: Total confirmed cases as of 12 p.m. ET: 6,681,251 — Total deaths: 197,763 — Total recoveries: 2,540,334 — Total tests: 91,546,598Map.
  3. Politics: Trump vs. his own administration on virus response.
  4. Health: Massive USPS face mask operation called off The risks of moving too fast on a vaccine.
  5. Business: Unemployment drop-off reverses course 1 million mortgage-holders fall through safety netHow the pandemic has deepened Boeing's 737 MAX crunch.
  6. Education: At least 42% of school employees are vulnerable.
2 hours ago - Economy & Business

Anxious days for airline workers as mass layoffs loom

Sara Nelson, president of the Association of Flight Attendants, during a Sept. 9 protest outside the Capitol. Photo: Alex Wong/Getty Images

The clock is ticking for tens of thousands of anxious airline employees, who face mass reductions when the government's current payroll support program expires on Sept. 30.

Where it stands: Airline CEOs met Thursday with White House Chief of Staff Mark Meadows, who said President Trump would support an additional $25 billion from Congress to extend the current aid package through next March.

House Democrats ask DOJ watchdog to probe Durham's Trump-Russia investigation

Attorney General Bill Barr. Photo: Kamil Krzaczynsky/AFP via Getty Images

Four Democratic House committee chairs on Friday asked the Justice Department's inspector general to launch an "emergency investigation" into whether Attorney General Bill Barr and U.S. Attorney John Durham, his appointee, are taking actions that could "improperly influence the upcoming presidential election."

Catch up quick: Last year, Barr tapped Durham to conduct a sweeping investigation into the origins of the FBI's 2016 Russia probe, after he and President Trump claimed that it was unjustified and a "hoax."