According to him, the investigation is still in its early stages.
There was a loophole in Facebook's code for a feature called "View As" that let people see what their account looks like to someone else. Facebook said the stolen access tokens were digital keys that allowed people to stay logged in to Facebook.
A further 40 million accounts that were subject to a "View As" look-up in the last year will have their access tokens reset as a precautionary measure. Those users will need to log back into their accounts. "The truly concerned should use this as a reminder and an opportunity to review all of their security and privacy settings on Facebook and all other social media platforms", Chester Wisniewski, Principal Research Scientist with global cyber-security major Sophos, said. The vulnerability had existed since July 2017, but Facebook did not discover it until this month, when it spotted an unusual increase in the use of its "View As" feature. Facebook has informed law enforcement, but it does not know who the attackers are or where they are based. It has reset the access tokens of the 50 million accounts it knows were affected.
The social network discovered the breach on Tuesday and is still investigating the issue, Guy Rosen, VP of Product Management, wrote in the announcement. 50 million accounts were affected after hackers took advantage of a vulnerability that could have allowed them to take over those accounts. However, Facebook says there is no need for anyone to change their password. While it conducts its investigation, it has temporarily disabled the "View As" feature to avoid further problems. That is enough for a phishing attack on people's other accounts, like banks or credit cards, but it does mean that no banking or sign-in information should have been at risk.
This latest hack involved a bug in Facebook's "View As" feature, the company said in a blog post.
If your account was affected, Facebook will notify you in a message at the top of your News Feed when you log back in to explain what happened.
The company said that it doesn't yet know whether the breach was used by anyone to access information from those 50 million Facebook users without their knowledge.
"I want to update you on an important security issue we've identified", he posted.