Facebook cyber attack compromises 30M accounts

By @chelean on
Facebook CEO Mark Zuckerberg speaks at Facebook Inc's annual F8 developers conference in San Jose, California, U.S. Reuters/Stephen Lam

Facebook has yet again become the victim of a cyber attack. The social media giant has learnt in its investigation that hackers had unauthorised access to approximately 30 million Facebook accounts.

On Sep. 25, it discovered that attackers had exploited a vulnerability in its system to access tokens, which are used like a digital key to request certain information through its platform. The hackers used the access tokens from Sep. 14 to 27 to get certain account information from Facebook. Upon learning of the attack, Facebook said it had acted immediately to secure the site.

It had invalidated the access tokens of almost 90 million accounts that it suspected could be affected by the vulnerability. It had explained to users why they were logged out from Sep. 28. Facebook said it was still investigating and didn’t know if anyone’s information was accessed yet.

“We have now determined that attackers used access tokens to gain unauthorised access to account information from approximately 30 million Facebook accounts,” the company said in a statement. “We’re very sorry this happened. Your privacy is incredibly important to us, and we want to update you on what we’ve learned from our ongoing investigation, including which Facebook accounts are impacted, what information was accessed and what Facebook users can do about this.”

As the matter is still under investigation, Facebook vice president Guy Rosen told reporters that the FBI had asked them to limit descriptions of the attackers. Chief executive Mark Zuckerberg’s own account was also compromised. He said that although the attackers would have the ability to view private messages or post on someone’s account, there were no signs that they did either of those things. They also did not appear to have stolen personal messages or financial data.

Facebook users can find out if their account was one of those impacted by the vulnerability by clicking on the page for the announcement.