https://blog.avatao.com/The-three-fatal-bugs-behind-the-Facebook-breach/
The Facebook attack disclosed in September is still making waves within the cyber security community. A breach of one of the largest social media platforms offers quite a bit to glean in terms of security. The main goal of the attack was to obtain users' access tokens. Three bugs allowed this to happen: the View As feature let users wish someone a happy birthday and, incorrectly, post a video; the video uploader created an access token with the permissions of the mobile app; and, when invoked through View As, the video uploader created an access token for the person being viewed instead of the viewer. These bugs were exploited in an automated fashion to obtain the access tokens of 30 million people. The website itself also has a challenge that simulates Facebook’s bugs, in case you ever want to brush up and learn from the mistakes of others.
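The three bugs described above, as a simplified model added here for illustration (not Facebook's or Avatao's code): the flawed token issuance sits next to a hardened version and an audit check a defender could run on issued tokens. All class, function and scope names are hypothetical, and the sample users are constructed.

```python
import secrets
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class RequestContext:
    session_user: str                   # the authenticated account making the request
    view_as_user: Optional[str] = None  # profile being previewed via "View As", if any

@dataclass(frozen=True)
class AccessToken:
    subject: str   # account the token acts as
    scope: str     # hypothetical scope label
    value: str

def _mint(subject: str, scope: str) -> AccessToken:
    return AccessToken(subject, scope, secrets.token_urlsafe(16))

def uploader_token_vulnerable(ctx: RequestContext) -> AccessToken:
    # Bug 1: the uploader is reachable at all while in View As mode.
    # Bug 3: the subject comes from the rendered profile, not the session.
    subject = ctx.view_as_user or ctx.session_user
    # Bug 2: the token carries the mobile app's permissions.
    return _mint(subject, "mobile_app")

def uploader_token_hardened(ctx: RequestContext) -> Optional[AccessToken]:
    # View As is a read-only preview: no uploader, so no token is issued.
    if ctx.view_as_user is not None:
        return None
    # Bind the token to the authenticated principal with the narrowest scope.
    return _mint(ctx.session_user, "video_upload")

def audit(ctx: RequestContext, token: Optional[AccessToken]) -> List[str]:
    """Return the invariants an issued token violates (empty list = clean)."""
    findings: List[str] = []
    if token is None:
        return findings
    if ctx.view_as_user is not None:
        findings.append("token_issued_in_view_as")
    if token.subject != ctx.session_user:
        findings.append("subject_mismatch")
    if token.scope != "video_upload":
        findings.append("overbroad_scope")
    return findings

if __name__ == "__main__":
    preview = RequestContext(session_user="alice", view_as_user="bob")  # constructed
    print(audit(preview, uploader_token_vulnerable(preview)))
    print(audit(preview, uploader_token_hardened(preview)))
```

The `audit` invariants (subject equals the session principal, no issuance during a preview, minimal scope) are the checks that would have flagged each of the three bugs independently.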