Facebook has announced that on the 25th of September its systems were compromised by hackers who exploited a security flaw, leaving about 50 million accounts compromised. According to Facebook, the flaw was in the “View As” feature, which lets users see what their profile looks like to another user.
Facebook says that the flaw “allowed them to steal Facebook access tokens which they could then use to take over people’s accounts. Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app.”
Affected users will find themselves logged out of their Facebook accounts, and also out of services that they may have logged in to using Facebook. Upon logging back in, they will be greeted by the notification in the screenshot above, which lets them know what happened.
Facebook concludes, “To protect people’s accounts, we’ve fixed the vulnerability. We have also reset the access tokens of the almost 50 million accounts we know were affected and we’ve also taken the precautionary step of resetting access tokens for another 40 million accounts that have been subject to a View As look-up in the last year. Finally, we’ve temporarily turned off the View As feature while we conduct a thorough security review.”