Facebook has confirmed that an “outdated security policy” could allow an attacker to gain control of an account by using an out-of-date security policy, according to a vulnerability report published Wednesday.
The report by Trend Micro said that while an attacker could gain access to a Facebook user’s profile, the account would not be accessible to them unless they use a secure password.
Trend Micro said the issue is in the way Facebook has implemented its secure user settings.
The vulnerability is not limited to users.
Facebook’s privacy policies for users are outdated and could be vulnerable to attackers, Trend Micro wrote.
Affected accounts include those that use Messenger, Facebook Groups, Pages, Messenger apps, and Pages for Business.
Users who have recently updated their accounts can turn the new security policy back on by going to their settings page and clicking the Security tab.
Users can also opt out of a new security feature that allows them to restrict the access of their profile and email addresses, and restrict the sharing of information with third parties.
Users should also be cautious when sharing information from Facebook to a third party.