Facebook has described on its official blog its ongoing efforts to resolve its latest security breach. Last week, it announced that its engineering team has fixed the vulnerability and reset the access tokens (the digital keys that allow users to remain logged in without having to enter their password every time they access their account) for a total of 90 million accounts: 50 million that had access tokens stolen and 40 million that were subject to a “View As” look-up in the last year.
Last week, specifically on the afternoon of Tuesday, September 25, Facebook announced in an official blog post that its engineering team had found a security breach affecting at least 50 million accounts worldwide. Facebook clarified that the attack exploited a vulnerability in Facebook’s code that impacted “View As”, a feature that lets people see what their own profile looks like to someone else. As a result, the attackers succeeded in stealing Facebook access tokens, which they could then use to take over people’s accounts.
Since then, Facebook has taken effective action to protect the security of users’ accounts and investigate what happened, such as:
In the same announcement, Facebook mentions that while investigating what exactly this attack means for apps using Facebook Login, it found no evidence that the attackers accessed any apps using Facebook Login. Facebook also recommends some Facebook Login security best practices for developers, which are: