On 28 September 2018, Facebook Inc. published a security update regarding a
data breach that affected almost 50 million user accounts.
The attackers exploited a vulnerability in Facebook's "View As" feature, which lets users see what their own profile looks like to someone else, to gain unauthorized access to user accounts. The attackers used Facebook's APIs to access personal details of user accounts.
This vulnerability allowed attackers to steal users' access tokens, which they could then use to gain access to the Facebook account and to other third-party websites that the user had logged into using their Facebook credentials.
The attackers could leverage the vulnerability to access the personal information stored in users' Facebook accounts. Using such information, scams and phishing attempts could look more credible.
Facebook has also reset the access tokens of the 50 million user accounts that were affected and another 40 million accounts that have been subject to a "View As" look-up in the last year. After they have logged back in, people will get a notification at the top of their News Feed explaining what happened.