MENLO PARK, Calif. — Facebook is reporting a data breach that exposed the personal information of nearly 50 million users, but it has also released few additional details on just what the breach entails.
The company did not disclose, for instance, whether the crooks were able to monitor any activities in which a user might have used a payments card for a purchase through a third party.
Facebook said only that the breach had allowed hackers to take over user accounts. The hackers exploited a bug in the site’s “view as” feature that, ironically, was supposed to allow users to view their own profiles as if they were someone else so as to give users move control over their privacy.
“We’re taking it really seriously,” Mark Zuckerberg, the company’s chief executive, said in a conference. “We have a major security effort at the company that hardens all of our surfaces.”
In the wake of the discovery, more than 90 million Facebook users were forced to log out of their accounts, a common safety measure taken when accounts have been compromised.
Facebook said it did not know the origin or identity of the attackers, nor had it fully assessed the scope of the attack.
In 2017, following revelations that Facebook data was used and misused by Cambridge Analytica, Zuckerberg said, “We have a responsibility to protect your data, and if we can’t then we don’t deserve to serve you.”