"This is a really serious security issue."

     - CEO Mark Zuckerberg

A Facebook press release issued this morning revealed the breach, but is light on specifics.

"On the afternoon of Tuesday, September 25, our engineering team discovered a security issue affecting almost 50 million accounts," reads the statement. "[It's] clear that attackers exploited a vulnerability in Facebook’s code that impacted 'View As', a feature that lets people see what their own profile looks like to someone else. This allowed them to steal Facebook access tokens which they could then use to take over people’s accounts."

According to Guy Rosen, Facebook VP of product management;

"Fifty million accounts were directly affected and we know the vulnerability was used against them.The attackers could use the account as if they are the account holder.”

The company is still investigating the attack, and does not know how much information was stolen or who is behind the hack. Facebook says that because it was access tokens that were stolen and not passwords, affected users don't need to change their security settings.

1.) Although Facebook says passwords themselves are not impacted, we STRONGLY encourage users to change them nonetheless.

2.) Log out and log back in using the new password.

3.) Remove as much personally-identifying information from your account as possible, including birth dates, credit card numbers stored on the system for purchases, addresses, telephone numbers, etc... 

In general, and extending far beyond this particular security issue, the more personally-identifying information you delete from the platform, the better. In this day and age of near daily security breaches of internet sites, the less personal information you make available, the better. 

- - -