The incident is one of the worst security breaches in Facebook’s history and is raising concerns about the social networking site’s security and vulnerability to hackers, according to the Washington Post.
According to Facebook, users were tricked into pasting malicious code into their browsers, which enabled hackers to gain access to profiles and post images visible to the user’s Facebook friends.
The attack comes as Facebook is reportedly nearing a settlement with the US Federal Trade Commission after an investigation into the social network’s privacy practices.
“We are always working to improve our systems to isolate and remove material that violates our terms,” Facebook spokesman Andrew Noyes said in a statement.
“Our efforts have drastically limited the damage caused by this attack, and we are now in the process of investigating to identify those responsible,” he said.
Internet reports said security experts are concerned that further attacks on the Facebook platform could be used to send false messages friends to lure them to malicious credential-stealing sites.
Graham Cluley, senior technology consultant at security firm Sophos, said Facebook needs to get a handle on this problem quickly, and prevent it from happening on such a scale again.
This story was first published by Computer Weekly