On Sept. 28, 2018, Facebook announced that nearly 50 million user accounts were compromised in a data breach. The breach, which can be traced back to July 2017, is one of the largest in the company’s 14-year history.
While investigations are ongoing, the company said hackers exploited a software vulnerability in Facebook’s "View As" feature to steal access tokens and gain control of user accounts. Access tokens are effectively digital keys to specific accounts, and stealing them allows attackers to view private posts or compose status updates without the knowledge of the affected user.
In addition, the attack allowed the hackers to see anything that users can see on their own profile, including the names and birth dates of friends and family members. Such information could be used in future phishing attacks.
In response to the attack, Facebook reset 90 million logins automatically, fixed the software vulnerability and informed law enforcement officials. While the company says that users do not need to change their passwords, individuals experiencing login issues should navigate to Facebook’s Help Center.
As a safety precaution, users are encouraged to log in and out of all of their accounts on every device. Facebook lets users see all of the devices they’re currently signed into.
To learn more about the breach, read Facebook’s official blog post.