Facebook on Friday said a breach affected 50 million people on the social network.
The vulnerability stemmed from Facebook’s “view as” feature, which lets people see what their profiles look like to other people. Attackers exploited code associated with the feature that allowed them to steal “access tokens” that could be used to take over people’s accounts.
While access tokens aren’t your password, they allow people to log in to accounts without needing it. As a precautionary measure, Facebook logged about 90 million people out of their accounts, the company said.
The social network said it discovered the attack earlier this week. The company has informed the FBI and the Irish Data Protection Commission. Facebook said the investigation is in the early stages and it doesn’t yet know who was behind the attacks.
