Hackers getting their hands on access tokens means they could essentially take over people’s accounts.
Damon McCoy, assistant professor of computer science and engineering at New York University, explained to NBC News what cyber criminals might do with the stolen information.
“Some examples of how a Facebook account might have been misused include adding/deleting friends, post, Facebook apps, comments, likes, private messages,” McCoy said. “Any attack could also have changed the privacy setting of any existing content or changed the default privacy setting of future posts, comments, or likes.”