There’s oversharing on Facebook and then there’s oversharing on Facebook. Last week the ubiquitous social media platform announced that it had experienced a security breach exposing the accounts of up to 50 million users. If Facebook knows the identity of the hackers, it isn’t talking. But details surrounding the attack itself have already started to emerge early in the investigation.

A vulnerability in the “View As” function, a privacy feature that allows users to see how their profiles appear to other denizens of Facebook, enabled hackers to steal “access tokens” to gain entry to people’s accounts. If users signed onto other sites using the “Login with Facebook” function, those accounts could be compromised, too.