"On the afternoon of Tuesday, September 25, our engineering team discovered a security issue affecting nearly 50 million accounts".
"The attackers not only needed to find this vulnerability and use it to get an access token, they then had to pivot from that account to others to steal more tokens", Facebook wrote.
The issue was discovered on 25 September and the social media giant said it had since taken steps to mitigate the breach and has alerted law enforcement.
That means if any of the 50 million hacked accounts also use Facebook as a connected account to their profiles on Tinder, Spotify, Instagram, or AirBnB, then those accounts may have also been hacked in the process.
The flaw that attackers exploited stemmed from a video-uploading feature change Facebook made in July 2017, but it did not elaborate.
Canada postpones United Nations address to focus on NAFTA
In the United States, there is a three-month time frame for doing so - meaning Congress must have the text of the deal by Sunday. The 1994 pact underpins $1.2 trillion in annual trade and its demise would be enormously damaging, say economists.
Deadly Flu Season Spurs New Push for Vaccinations
How are you going to help prevent yourself from getting the flu this year? "We lost 80,000 people a year ago to the flu". The "trivalent" vaccine protects against two strains of influenza A and one strain of influenza B.
OnePlus 6T launch invite and new pics leak
Thanks to the 18:9 and 19:9 displays on the OnePlus 5T and OnePlus 6 , the company had placed the fingerprint scanner on the rear. OnePlus 6T is expected to come with water drop like notch screen and is said to come with an in-display fingerprint sensor.
Facebook noted that users do not need to change their passwords. The company has clarified that it does not yet know who was behind this attack and is holding an investigation of its own into the matter.
Get direct access to our top weekly content, contests, and perks..
Facebook is also taking the precautionary step of resetting access tokens for another 40 million accounts that have been subject to a "View As" lookup in the past year. Whether 50 million, 100 million or 1 billion Facebook users were compromised is immaterial, as the real issue with any compromise is that this is another blow to our collective privacy.
Facebook's Head of Security Guy Rosen released a statement following the discovery of the incident.
The company notes that it will disable access tokens any more potentially impacted accounts it discovers.
The access tokens for the 50 million accounts the company knows were affected have been reset. "We did see this attack being used at a fairly large scale". Given how Facebook spreads itself out over third-party applications, such as its log-on feature, this number is expected to reach much higher, however this remains speculation for the time being. Since the investigation is at the earliest stages, Facebook has no idea whether any of the accounts affected were actually misused by hackers, and does not know if any personal information has been stolen.