On Friday last week, Facebook reported its worst-ever data breach, with over 50 million user accounts compromised.
Nearly 90 million users were logged out of their Facebook accounts because of this serious security breach, and an additional 90 million accounts were also logged out as a security measure.
A hacker or hackers (Facebook is yet to confirm this) apparently stole what we know as "access tokens", which allowed them to exploit a feature called "View As" that lets users see what their profile looks like when seen by certain friends or other members.
The social media giant revealed that the vulnerability allowed the hacker(s) to steal the automated login credentials, or access tokens.
These made it easy for users to log in and use third-party apps such as Spotify and Pinterest. The flaw has been there since July 2017, but was discovered when the team noticed unusual activity.
Facebook has said that the vulnerability has been fixed since then, but it is still not confirmed what information the hackers were able to get their hands on and steal.
The social media company has also advised users who were logged out to update their account passwords in the wake of this security breach.
These access tokens are unique strings of codes, letters and numbers, which are used to access other services without having to log in to the account again and again.
It's convenient, but from a security point of view it's a bad move: if even one of your accounts gets hacked, it can leave your accounts on various other apps and services vulnerable.