Facebook made an announcement today, but it wasn't the fun kind. Guy Rosen, VP of Product Management at Facebook, says that at least 50 million user accounts have been compromised by unknown parties. The social network is taking several steps to safeguard affected accounts, as well as other accounts that have questionable involvement.
Facebook became aware of the attack on Tuesday. The cause was a flaw in the site's code for a feature called "View As" that let you see how your profile looked to another person. The attacker exploited a flaw in View As to steal access tokens for as many as 50 million accounts. With the token, someone else could take over your Facebook session and access your data.
All those accounts have been manually logged out by Facebook to invalidate the stolen tokens. In addition, Facebook logged out another 40 million accounts that have had a "View As" request in the last year. If your account was affected, you'll see an alert when you log back in. The vulnerability has been fixed on Facebook's end, but the company is also shutting off View As until it can conduct a full analysis of what happened. The police are also investigating the attack with Facebook's help.