"Today's disclosure is a reminder about the dangers posed when a small number of companies like Facebook or the credit bureau Equifax are able to accumulate so much personal data about individual Americans without adequate security measures", reads the statement from Warner, who is the vice chairman of the Senate Select Committee on Intelligence and the co-chair of the Senate Cybersecurity Caucus.
If you suddenly had to log back into your Facebook account on Friday you may have been one of almost 50 million people who were impacted by a hack that may have accessed other social media accounts connected to the account. This will require those users to log back in to Facebook.
Has Facebook done anything about it?
However, it did acknowledge that the weakness in its code dates back to a change that was made in July 2017, meaning the accounts were vulnerable from that time. Facebook has logged out 90 million Facebook users from their accounts.
Tinder, Airbnb, and Spotify - perhaps three of the highest-profile tech companies to use Facebook's login service - did not immediately respond to Business Insider's request for comment.
Facebook says it has taken steps to fix the security problem and alerted law enforcement - and it can't rule out that third-party apps were also affected.
No, your password has not been compromised.
The social media giant said the breach, which exploited a vulnerability in its code to take over user accounts using access tokens, was discovered on Tuesday. Simply put, you can log out or initiate a security audit on your device and account.
"Because this issue impacted access tokens, it's worth highlighting that these are the equivalent of a username and password combination but are used by applications to authenticate against other applications", said Tim Mackey, senior technical evangelist at Synopsys. The attackers not only needed to find this vulnerability and use it to get an access token, they then had to pivot from that account to others to steal more tokens. Preliminary investigation shows these tokens were used to access posts and private messages, or to let the hackers post anything on the accounts. This hack bypasses everything.
It's not clear whether the attackers did this, but the possibility may force companies that rely on Facebook's login system to launch their own investigations. You can also try deactivating your account for some time, as reactivating it will also grant new access tokens, while old tokens will automatically expire.
The hackers were also given complete access (as if they were you, effectively), and so could have accessed any part of your accounts.
In a press release on Friday, Facebook announced that a security breach has resulted in data being leaked for 50 million users. For instance, if you had logged into a third-party app like Tinder, the hacker could have gained access to your Tinder profile.
Around 300,000 people downloaded the app, authorising access to information on their profile and also to the data of their Facebook friends.