On Tuesday, September 25, Facebook discovered a security issue affecting almost 50 million accounts.
As explained in their statement, attackers exploited a vulnerability in Facebook’s code that impacted “View As”, a feature that lets people see what their own profile looks like to someone else. This allowed the attackers to steal Facebook access tokens, which they could then use to take over people’s accounts. Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app.
The actions stated in the security update:
First, they fixed the vulnerability and informed law enforcement.
Second, they have reset the access tokens of the almost 50 million accounts they knew were affected, to protect the security of those accounts. As a precautionary step, Facebook is also resetting access tokens for another 40 million accounts that have been subject to a “View As” look-up in the last year. As a result, around 90 million people will now have to log back into Facebook, or any of their apps that use Facebook Login. After they have logged back in, people will get a notification at the top of their News Feed explaining what happened.
Third, they temporarily turned off the “View As” feature while conducting a thorough security review.
What to do next
So far, there is no need for anyone to change their password. People who are having trouble logging back into Facebook (for example, because they’ve forgotten their password) should visit the Facebook Help Center.
CTV Services will continue to share all security updates and press releases regarding data protection and privacy. We encourage all our Facebook friends to reach out if they need any additional help and support.