This attack exploited the complex interaction of multiple issues in Facebook’s code, Face Book said. The attackers exploited a vulnerability in Facebook’s code related to the “View As” feature, which is designed to let users see how their profile appears on other face book users screens. If you used the feature, hackers were able to steal your access token and potentially take over your account. An access token is the thing your browser uses to keep you logged in to your Facebook account after signing in once.
But don’t worry, According to Facebook, the exploit was patched on Thursday, September 27 and Facebook has gone ahead and reset the access token for the all users who were affected as well as all other accounts “that have been subject to a “View As” look-up in the last year.” So, if you had to manually log in to your Facebook account on Friday, September 28, it’s likely your account was compromised.
If your account were hacked, the attackers were able to retrieve an access token for your account, they could theoretically log in to your account on their machine and have full access to it.
Facebook's vice president of product says hackers also have access to any app that was linked to your account as well.
Facebook has temporarily disabled the View As’ feature as it conducts “a thorough security check.
To be safe you all should change your face book account password as soon as possible.