Attackers were able to exploit a vulnerability in the “view as” feature, which allows users to see how their profile looks like to someone else.
The vulnerability caused by three different bugs allowed the attackers to illegally obtain access tokens, thus could have taken over users’ accounts. Users remain logged in to Facebook via an access token, without having to log in again each time they use the app.
The leak originated in July 2017 when Facebook modified the video upload feature. The 50 million affected accounts have to log in again for security reasons. Do you already have a social media policy and know how to prevent, treat and report data breaches?