Facebook recently disclosed that up to 90 million users may have been affected by a bug with their ‘View As’ feature. The ‘View As’ feature allows users to view their profile from the perspective of other users, the feature allows you to see how much of your data is on display to individuals with varying levels of access to your profile e.g. friends or non-friends.
In a blog post they said the bug “allowed them to steal Facebook access tokens which they could then use to take over people’s accounts,” Facebook wrote. “Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app.”
Facebook have since said they are removing the insecure feature and resetting the access tokens of 50 million accounts that the company said it knows were affected, as well as the tokens for another 40 million users that may have been impacted over the past year.
Facebook are still unaware of who the perpetrators were and if any personal information was accessed through the attack.