In short: Facebook announced on Friday that its engineers had discovered a bug earlier in the week that essentially allowed hackers to access around 50 million accounts on the platform. The bug was in the site's “View As” feature, which lets people view their profile as someone else would see it. It allowed the hackers to steal Facebook access tokens, which can then be used to get access to accounts. Access tokens are similar to digital keys: they allow people to stay logged into Facebook without re-entering their password. Facebook says that it has already taken action by fixing the vulnerability and disabling the “View As” feature for now. It has also informed law enforcement.
Background: Bugs like this are pretty common in the tech world. While companies don’t want these things to happen, it’s pretty much impossible to roll out a feature or software that is 100-percent bug-free, so it’s essentially the nature of the beast. The issue here is that someone (or several people) attempted to hack into around 50 million accounts, and that’s why law enforcement is getting involved. Facebook was quick to get on this issue and fix it, which is definitely a good thing and shows that the social media giant has learned from its mistakes earlier in the year.
Impact: For now, the “View As” feature is disabled, and there is no word yet on when it will be enabled again. Facebook has also had to reset the access tokens of the nearly 50 million accounts that were affected. Facebook is not taking any chances, and is also resetting the access tokens for another 40 million accounts that were the subject of a “View As” look-up in the past year. Because of this, Facebook is going to add a notification to the Facebook app and website to show users why they need to log back in to their Facebook app and accounts elsewhere. The notification looks like what is pictured below.