Nearly 50m Facebook accounts were compromised by an attack that gave hackers the ability to take over users’ accounts, Facebook revealed on Friday.
The breach was discovered by Facebook engineers on Tuesday 25 September, the company said, and patched on Thursday. Users whose accounts were affected will be notified by Facebook. Those users will be logged out of their accounts and required to log back in.
The security breach is believed to be the largest in Facebook’s history and is particularly severe because the attackers stole “access tokens”, a kind of security key that allows users to stay logged into Facebook over multiple browsing sessions without entering their password every time. Possessing a token allows an attacker to take full control of the victim’s account, including logging into third-party applications that use Facebook Login.
I was one of the people who got logged out, so I guess I am hit. At first, I thought “oh nooooo” because everytime something bad happens on my FB account I get logged out first. But it turns out I was simply hacked by having my token stolen. How does that even happen?