Facebook made an announcement today, but it was not the fun kind. Guy Rosen, vice president of product management at Facebook, says that at least 50 million user accounts have been compromised by unknown parties. The social network is taking several steps to protect the affected accounts, as well as other accounts that may have been involved.
Facebook learned about the attack on Tuesday. The cause was a bug in the site's code for a feature called "See as", which lets you see how your profile looks to another person. The attacker exploited a flaw in "See as" to steal access tokens for up to 50 million accounts. With the token, someone else could take over your Facebook session and access your data.
Facebook has manually logged all of those accounts out to invalidate the stolen tokens. In addition, Facebook logged out another 40 million accounts that have a "See as" request from the last year. If your account was affected, you will see an alert when you sign in again. The vulnerability has been fixed on Facebook's end, but the company is also disabling "See as" until it can perform a full analysis of what happened. The police are also investigating the attack with Facebook's help.