Facebook have confirmed that they have suffered a data breach, affecting almost 50 million accounts.
It is believed that attackers exploited a vulnerability in Facebook’s “View As” feature in order to steal access tokens. Access tokens are ‘digital keys’ which allow users to stay logged into Facebook without having to re-enter their password.
Guy Rosen, Facebook’s VP of Product Management, confirmed that 50 million accounts have had their access tokens reset, with an additional 40 million reset as a precaution.
Facebook have also disabled the “View As” feature while investigations continue. The feature allows you to see what a particular friend, or people that you aren’t friends with, can see on your profile, such as old posts you may not have restricted.
Details are still emerging, but it appears the vulnerability was introduced back in July 2017 when developers made changes to the video uploading feature.
What To Do
If you’ve been unexpectedly logged out by Facebook then your account is one of the ones affected. Facebook say there is no need for anyone to change their password, but as a precaution, it is probably a good idea. Or even better, implement 2FA (two-factor authentication) in Settings > Security and Login.