In the worst breach in Facebook’s history, hackers had stolen access tokens for 50 million accounts by exploiting a previously unknown vulnerability found on Facebook’s ‘View As’ feature. The vulnerability allowed hackers to steal login tokens that they could use to access the accounts and other third-party websites that a user had logged into using their Facebook credentials. The hackers could then siphon user information to carry out scams and phishing attacks. Facebook said it has fixed the vulnerability, temporarily disabled the ‘View As’ feature, and conducted a comprehensive security review.

References:
[1] SingCERT urges vigilance in wake of Facebook security breach