Got logged out of Facebook? Well, your account was breached

In a blog post on Friday, Facebook said that the vulnerability had been discovered by Facebook's engineering team on September 25.

Exploiting a vulnerability in Facebook's 'View As' feature, the attackers were able to steal access tokens that allowed them to take over people's accounts.

Consequently, Facebook reset the access tokens of the 50 million affected accounts, and another 40 million accounts.

Facebook also said that the vulnerability had been created in July 2017 when a new video upload functionality was launched.

After discovering anomalies, Facebook launched a probe on September 16, and discovered the vulnerability on September 25.

The social media giant claims that the vulnerability was fixed on September 27, following which it began resetting access tokens, thereby resulting in users getting logged out.

The vulnerability resulted from the combination of three bugs affecting access tokens in Facebook accounts.

When the social media giant was asked as to why it took so long to find the bug, Facebook's VP of Product Management, Guy Rosen, said that despite conducting code reviews using static analysis tools, the "complex interaction of bugs that led to this vulnerability" wasn't detected.

Facebook confirmed that because the attackers took over people's accounts via 'access tokens', which are digital keys that keep you logged in, passwords were not stolen.

However, it's not known for how long hackers exploited the vulnerability.

The extent of damage isn't known either- hackers could have stolen profile data (like the Cambridge Analytica scandal), as well as personal data like messages, photos, etc.