So, Facebook just admitted to a major security issue. Not only that, but 50 million accounts were affected after hackers took advantage of a vulnerability that could have allowed them to take over those accounts.
Facebook disclosed the breach today, suggesting that attackers used a vulnerability in the “View As” feature, which allows you to view your profile as if you weren’t you, to steal access tokens. Those tokens, if in someone else’s hands, could be used to gain access to an account.
Facebook says that they’ve already fixed the vulnerability and informed law enforcement. They’ve also reset access tokens to “almost” 50 million accounts that they know were affected. They plan to reset another 40 million accounts’ access tokens too. That means that roughly 90 million people have been logged out of Facebook and will have to login the next time they visit.
Additionally, Facebook will turn off the “View As” feature until they can conduct a thorough security review.
Facebook isn’t suggesting that anyone change their passwords. Feel free to if you are worried.