Facebook Resetting Access Tokens for 90M Users After Breach

On Sept. 28, the company publicly admitted that it was the victim of a data breach that impacted approximately 50 million user accounts. Out of an abundance of caution, Facebook is resetting the access tokens for a total of 90 million user accounts. The breach was apparently discovered in the afternoon on Sept. 25 and was quickly remediated. "Our investigation is still in its early stages. But it’s clear that attackers exploited a vulnerability in Facebook’s code that impacted 'View As', a feature that lets people see what their own profile looks like to someone else," Guy Rosen, vice president of product management at Facebook, wrote in an advisory. "This allowed them to steal Facebook access tokens which they could then use to take over people's accounts."