How Facebook Was Hacked And Why It’s A Disaster For Internet Security

The perpetrator’s ultimate aim was to steal what are known as “OAuth bearer tokens.” Essentially, these tokens prove the Facebook user is the rightful owner of an account and denote what they have access to. As Shadwell describes them: “OAuth tokens are like car keys, if you’re holding them you can use them, there’s no discrimination of the holder.” And in the context of this attack, those keys unlocked not just Facebook accounts, but any site that affected users accessed with a Facebook login. That might include Instagram or news websites.

https://www.forbes.com/sites/thomasbrewster/2018/09/29/how-facebook-was-hacked-and-why-its-a-disaster-for-internet-security/