Its vice president of product management admitted that this is a serious security breach. Attackers stole Facebook access tokens through its "view as" feature, which they could then use to take over people's accounts. "View as" allows users to see what their own profile looks like to someone else. Facebook has reset the access tokens of the 50 million affected accounts, and as a precaution, reset access tokens for another 40 million that have been looked up through the "view as" option over the last year. Facebook said it has just begun its investigation and has not determined if any information was misused, but the initial investigation has not uncovered any information abuse.
