If Facebook logged you out, your account was likely accessed
Unknown attackers accessed 50 million Facebook accounts this month, and executives said Friday that any potentially compromised accounts had been logged out of the service as an investigation continued.
In a blog post, Facebook executive Guy Rosen said that the social networks view as feature, which lets users see their profile page as a specific user would, allowed access to that other accounts token, or identification. The hackers found that a video uploader coughed up a friends token within a Happy Birthday option that was not supposed to be active in view as mode, and then would use the trick against more friends of the accounts they accessed.
These access tokens enabled someone to use the account as if they were ... the account holder themselves, Rosen said in the second of two conference calls Facebook held with the media about the breach on Friday. This does mean they could have accessed other third-party apps that were using Facebook Login.
Facebook actually logged off 90 million users Friday, executives said: The 50 million affected accounts and another 40 million that had used the view as feature since a July 2017 update caused the security hole. Users who were logged out were promised notifications with more information at the top of their pages when they regained control of their account.
https://www.msn.com/en-us/news/technology/if-facebook-logged-you-out-your-account-was-likely-accessed/ar-BBNG74T?li=BBnb7Kz