Facebook explained that the attack allowed cyber criminals to steal access tokens and take-over accounts by using the ‘View As’ feature, which allows people to view how their Facebook page appears to other Facebook users.
Facebook has not ruled out the possibility of smaller-scale attacks, which it is continuing to investigate. The social media giant reminded its customers to visit its Help Centre to check whether they have been affected.
Facebook will also contact affected users to explain what information may have been accessed and the steps users can take to protect themselves from suspicious emails, texts or phone calls.
The ACSC is continuing to investigate the issue with the Office of the Australian Information Commissioner.
Facebook reports that it is cooperating with the US Federal Bureau of Investigation, which is actively investigating the incident.