September 28, Facebook admitted that unknown hacks exploited three zero-day vulnerabilities on its social media platform and took away secret access tokens for more than 50 million Facebook users.
Access Tokens “are the equivalent of digital keys that keep people logged in to Facebook, so they don’t need to re-enter their password every time they use the app.” The hackers could use those access tokens to take over user accounts. In response, Facebook reset access token for nearly 90 million users, which caused all 90 million users being logged out on September 28. The hackers could use the secret access tokens to access user accounts, personal information, and access third-party app or websites that are logged in with Facebook accounts.
https://thehackernews.com/2018/09/facebook-account-hack.html