US social media company Facebook has announced that up to 50 million user accounts were accessed by unknown attackers, its worst security breach ever and the latest privacy embarrassment for the world's largest social networking service.
The attackers stole digital login codes and gained the ability to “seize control” of those user accounts, Facebook said Friday.
Facebook, with more than 2.2 billion monthly users, said it does not know who was behind the attacks or where they were based.
The company reset the digital keys of the 50 million affected accounts, and as a precaution temporarily disabled “view as” and reset those keys for another 40 million that were “vulnerable.”
Facebook co-founder and CEO Mark Zuckerberg described the incident as “really serious” in a conference call with reporters. His account was affected along with that of Chief Operating Officer Sheryl Sandberg, a spokesperson said.
Facebook made headlines earlier this year after profile details from 87 million users was improperly accessed by political data firm Cambridge Analytica.
US lawmakers said on Friday that the hack may boost calls for data privacy legislation.
“This is another sobering indicator that Congress needs to step up and take action to protect the privacy and security of social media users,” Democratic US Senator Mark Warner said in a statement.
The breach is the latest privacy embarrassment for Facebook, which earlier this year acknowledged that tens of millions of users had personal data hijacked by a political firm working for Donald Trump in 2016.
In 2013, Facebook disclosed a software flaw that exposed 6 million users’ phone numbers and email addresses to unauthorized viewers for a year, while a technical glitch in 2008 revealed confidential birth-dates on 80 million Facebook users’ profiles.
A Pew Research Center report released in September found 42 percent of US Facebook users said they had "taken a break" from the platform in the past 12 months, and 26 percent said they had deleted the Facebook app from their phone.