The company's security team found three bugs were used in the attacks, saying they were used in combination to successfully break into Facebook accounts. To get those keys, the hackers abused a feature in Facebook called “View As.” It allows any user to see what another can access on their profile. “It looks like when Facebook built the View As feature, they did this by making it a modification of how Facebook would work if actually viewed by that other user,” said Shadwell. Thanks to an error made by Facebook in July 2017, the video provided the user with one of those precious tokens, Shadwell said. Facebook hasn’t said just how many accounts were hacked, where victims were based or who was behind the attack.

Source: Forbes September 29, 2018 15:47 UTC