Facebook revealed it had discovered a security issue affecting millions of accounts on 25 September. The attackers exploited a vulnerability in Facebook’s code that impacted “View As”, a feature that lets users see what their own profile looks like to someone else. When composing a birthday wish message with video, as of July 2017 the attacker could exploit 'View as' option of the video uploader to get access to the profile of the user being looked up, including their log-in details. The access token was then available in the HTML of the page and extracted by the attackers who exploited it to log in as another user. Facebook reset the access tokens of the almost 50 million accounts thought to be affected and temporarily disabled the “View As” feature. On 12 October, Facebook announced hackers actually stole access tokens for about 30 million people, 20 million less than previously thought. For 15 million people, attackers accessed name and contact details (phone number, email, or both). For 14 million people, the attackers accessed name and contact details, as well as other details people had on their profiles, including username, gender, religion, birthdate, etc. For 1 million people, the attackers did not access any information.