Facebook has contacted the Irish data protection commissioner Helen Dixon about a security breach that allowed hackers to access up to 50 million user accounts. The breach, which the social network made public on Friday, sent Facebook’s shares down sharply.

A spokeswoman said it was as yet too early to establish whether or not the accounts of Irish Facebook users had been affected.

The world’s largest social network, which has 2.23 billion monthly users, is already struggling in the wake of a data breach to Cambridge Analytica and from accusations of its being a platform to spread political disinformation.

Mark Zuckerberg, Facebook’s founder and chief executive, said the latest breach was a “serious issue” and the company was taking steps to address it.

“The reality here is we face constant attack from people who want to take over accounts,” he said. “We need to do more to prevent this from happening in first place.”

Facebook has its European headquarters in Dublin and thus falls under the remit of Irish data protection authorities.

The company’s share price dropped 3.3 per cent to $163.18 after Facebook said that it had reported the attack to the FBI. It has not yet discovered who was behind the breach or what information they may have accessed.

If accounts were accessed, hackers may have been able to read private messages and post as if they were the user.

This is Facebook’s first data breach since the implementation of the EU’s General Data Protection Regulation, which carries the threat of fines of up to 4 per cent of global revenue for serious breaches, which would equal $1.6 billion for Facebook.

Fixed on Thursday

The breach was found on Tuesday and the flaw was fixed on Thursday night. But it is also not known how long the attackers may have been able to exploit the flaw, which has been in the product since July 2017.

Guy Rosen, vice-president of product management, explained that attacks had found a flaw in Facebook’s “View as” feature, designed to let people see how their profiles look to others.

Using this flaw, they were able to steal the access tokens, a kind of key, to those accounts.

Facebook has reset the access tokens of the almost 50 million accounts affected, forcing them to log out of their accounts on Friday morning. It will also reset access tokens for another 40 million accounts that could be compromised. Potentially affected users will be notified in their newsfeeds and they do not need to reset their passwords, Facebook said. The company has fixed the flaw and is temporarily suspending the ‘View as’ feature.

“People’s privacy and security is incredibly important, and we’re sorry this happened,” he said in a blog post.

Facebook is still dealing with the fallout from the massive data leak to Cambridge Analytica, where up to 87 million users may have had some data accessed by the research firm that worked for the Donald Trump campaign.

That data breach prompted investigations around the world into how the social network handles the data of its more than two billion users. The UK’s information commissioner’s office has said it intends to fine Facebook the maximum fine of about £500,000. In the US, it still faces investigation from the Federal Trade Commission and the Security Exchange Commission. – Copyright The Financial Times Limited 2018