“Attackers exploited a vulnerability in Facebook’s code that impacted ‘View As,’ a feature that lets people see what their own profile looks like to someone else,” Facebook says in a statement posted Friday. “This allowed them to steal Facebook access tokens, which they could then use to take over people’s accounts. Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app.”

Facebook says it discovered the issue Tuesday afternoon. “We’ve fixed the vulnerability and informed law enforcement,” it says in the statement.

The company says it has reset the access tokens for the almost 50 million compromised accounts, as well as an additional 40 million accounts that have also been subject to the “View As” look-up in the last year. “As a result, around 90 million people will now have to log back into Facebook, or their apps that use Facebook login,” according to the statement.

Facebook has also turned off the “View As” feature pending further investigation. “There is no need for anyone to change their passwords,” the social network giant says.

Facebook says the origin of the attacks is unknown. “Since we’ve only just started our investigation, we have yet to determine whether these accounts were misused or any information accessed,” the statement notes. “We’re working hard to better understand these details. … If we find more affected accounts, we will immediately reset their access tokens.”