Three days after Facebook reported that hackers obtained access tokens for 50 million user accounts, the company has provided an update on the security attack.
“We fixed the vulnerability and we reset the access tokens for a total of 90 million accounts — 50 million that had access tokens stolen and 40 million that were subject to a ‘View As’ look-up in the last year,” said Guy Rosen, VP of Product Management at Facebook.
Best practices for Facebook Login security, recommended by Guy Rosen:
- Use our official Facebook SDKs for Android, iOS and JavaScript — these will automatically check the validity of access tokens on a daily basis and force a fresh login when they are reset by Facebook, protecting the security of users' accounts.
- Use the Graph API to keep information updated regularly and always log users out of apps where error codes show that any Facebook session is invalid. [Facebook blog]
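An added example of the second recommendation, not taken from Facebook's post or SDKs: it maps a Graph API error body to an action and ends the app's own sessions only when the error says the Facebook session is invalid, not on rate limits or permission errors. The error codes and subcodes are those listed in Facebook's public Graph API error reference; the session store, function names and sample responses are assumptions made for the illustration.

```javascript
// Added example (not Facebook's code). Function names and the session store are hypothetical.
const TOKEN_INVALID = new Set([102, 190]); // API session / access token invalid or expired
const TRANSIENT = new Set([1, 2, 4, 17]);  // unknown, service unavailable, app / user rate limit
const SUBCODES = { 458: "app authorization removed", 459: "user checkpointed",
  460: "password changed", 463: "token expired", 464: "unconfirmed user",
  467: "token invalidated" };

// Map a Graph API JSON body to what the app should do with its own session.
function classify(body) {
  const err = body && body.error;
  if (!err) return { action: "ok" };
  const code = Number(err.code);
  if (TOKEN_INVALID.has(code)) {
    return { action: "logout", reason: SUBCODES[err.error_subcode] || "session invalid" };
  }
  if (TRANSIENT.has(code)) return { action: "retry", reason: err.message };
  return { action: "report", reason: err.message }; // e.g. permission errors: keep the session
}

// sessions: Map<appSessionId, { userId, fbToken }>. On "logout", ends every app session
// of that user, which also discards the stored token. Returns the verdict and a count.
function enforce(sessions, userId, body) {
  const verdict = classify(body);
  let ended = 0;
  if (verdict.action === "logout") {
    for (const [sid, s] of sessions) {
      if (s.userId === userId) { sessions.delete(sid); ended++; }
    }
  }
  return { ...verdict, ended };
}

// Constructed sample responses in the Graph API error shape (not captured traffic).
const SAMPLE_RESET = { error: { message: "Error validating access token (constructed)",
  type: "OAuthException", code: 190, error_subcode: 460 } };
const SAMPLE_RATE = { error: { message: "Application request limit reached (constructed)",
  type: "OAuthException", code: 4 } };

function demo() {
  const sessions = new Map([
    ["s1", { userId: "u1", fbToken: "CONSTRUCTED_TOKEN_A" }],
    ["s2", { userId: "u1", fbToken: "CONSTRUCTED_TOKEN_A" }],
    ["s3", { userId: "u2", fbToken: "CONSTRUCTED_TOKEN_B" }],
  ]);
  const rate = enforce(sessions, "u1", SAMPLE_RATE);   // rate limit: nobody is logged out
  const reset = enforce(sessions, "u1", SAMPLE_RESET); // token reset: both u1 sessions end
  return { rate, reset, remaining: [...sessions.keys()] };
}
console.log(demo());
```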
Under the newly introduced General Data Protection Regulation (GDPR), European regulators can fine Facebook up to $1.63 billion — or four percent of its $40.7 billion in annual global revenue for the prior financial year — if it’s found that Facebook could have done more to protect its users’ data. [source]
Here's the background for the latest Facebook privacy issue.