On the afternoon of Tuesday, September 25, our engineering team discovered a security issue affecting almost 50 million accounts. We’re taking this incredibly seriously and wanted to let everyone know what’s happened and the immediate action we’ve taken to protect people’s security.
Well f#@k. Just a lazy 50 mil. Oops.
The “bug” allows you to nab a user’s authentication token when using Facebook’s “View as” function, which simulates how your profile appears to other users.
Once you’ve got it, the authentication token is your key to the kingdom. Whoever holds it is automatically authenticated to Facebook and to any other application the user has federated their Facebook login with.
The company has already taken steps to mitigate the breach, forcing affected users to log in again and refresh their authentication as it scrambles to handle the fallout.