According to Facebook, the attackers made use of the Facebook code that functioned as the ‘View As’ feature. A feature that allows a user see how others visualise his or her profile. The vulnerability of the code enabled the cyber attackers to gain control of Facebook’s access token allocated to about 50 million accounts. For the uninitiated, an access token is what keep users logged into an account after they must have logged in once, without the need to log in again on the app. As a matter of fact, the access tokens of 90 million Facebook accounts were reset (of which the 50 million breached accounts are included) on Friday as a security measure to this breach. In other words, the owners of these accounts will need to log in again as they have been logged out as a result of the reset. There’s no need to change the Facebook passwords as the attackers were not able to gain access to that. In addition to not knowing the full extent of the breach, the company also doesn’t know the culprits. Meanwhile, steps have been taken to report the issue to their data regulators in Ireland. About the security breach, this was what the company’s CEO, Mark Zuckerberg had to say: With time, we’re expected to receive more updates from the social media giant regarding this mishap.
