50 million Facebook accounts breached by access-token-harvesting attack
Bugs in two features enabled mass harvest of single sign-on tokens.
Sep 28, 2018 ... The second bug was that when activated, the video uploader was generating a single sign-on token—a behavior that Rosen said was incorrect.