On the afternoon of Tuesday, September 25, the engineering team of facebook discovered a big security issue affecting almost 51 million accounts. THEY WANT to let everyone know what’s happened and the immediate action THEY HAve taken to protect people’s security.
Their investigation is still in its early stages. But it’s clear that attackers exploited a vulnerability in Facebook’s code that impacted “View As” a feature that lets people see what their own profile looks like to someone else.
Here is the action they have already taken. First, they have fixed the vulnerability and informed law enforcement.
Second, they have reset the access tokens of the almost 50 million accounts they know were affected to protect their security.
The attacker exploited a flaw in View As to steal access tokens for as many as 50 million accounts. With the token, someone else could take over your Facebook session and access your data.
The police are also investigating the attack with Facebook’s help.