Facebook Becomes Victim Of Worm


Facebook, the hugely popular social media platform, was hit hard by a clickjacking worm this past week. Reports say the worm affected hundreds of thousands of Facebook users. As the name suggests, the worm reportedly spread using an attack called clickjacking.

The term clickjacking was first used in 2008 by Jeremiah Grossman and Robert “RSnake” Hansen. The two were security researchers trying to describe attacks in which a publisher can control what a user clicks on. The team said that most browsers are susceptible to the attack, but some include extra protections that can help keep users from falling victim.

The attack on Facebook started with fake “Like” stories popping up on users’ profiles. When a user clicked on the link to view the page, they would be taken to a page with a single link saying, “Click Here To Continue.” When the user clicked anywhere on the page, it would automatically add the link to the user’s “Like” list.

It was reported that this attack used what is called an invisible iframe. The iframe was used to link back to the profile of the user. Once the user clicked the link, it would automatically send the link to all of the user’s friends, allowing the worm to grow exponentially. Facebook staff were finally able to regain control and shut down the attack.
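
The invisible-iframe trick described above only works if the target page lets other sites embed it. The following is an added example, not code from the article or from Facebook: a defender's audit that classifies whether a response's headers allow framing. The paths and header values in `samples` are constructed for illustration.

```javascript
// Added example: audit response headers for anti-framing protection.
// Assumes one CSP policy per header value; header names are matched case-insensitively.
function framingPolicy(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  // A CSP frame-ancestors directive overrides X-Frame-Options in browsers that support it.
  for (const directive of (h["content-security-policy"] || "").split(";")) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() !== "frame-ancestors") continue;
    const src = sources.map((s) => s.toLowerCase());
    // An empty source list matches nothing, the same as 'none'.
    if (src.length === 0 || (src.length === 1 && src[0] === "'none'"))
      return { framable: "never", via: "csp" };
    if (src.includes("*")) return { framable: "any-origin", via: "csp" };
    if (src.every((s) => s === "'self'")) return { framable: "same-origin", via: "csp" };
    return { framable: "allow-list", via: "csp" };
  }

  const xfo = (h["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY") return { framable: "never", via: "x-frame-options" };
  if (xfo === "SAMEORIGIN") return { framable: "same-origin", via: "x-frame-options" };
  // Missing header, obsolete ALLOW-FROM, or any unrecognised value: treated as unprotected.
  return { framable: "any-origin", via: xfo ? "unrecognised-x-frame-options" : "none" };
}

// Constructed sample responses (hypothetical paths) for pages that act on a click.
const samples = [
  { path: "/like", headers: {} },
  { path: "/settings", headers: { "X-Frame-Options": "DENY" } },
  { path: "/share", headers: { "Content-Security-Policy": "frame-ancestors *" } },
  { path: "/widget", headers: { "Content-Security-Policy": "default-src 'self'; frame-ancestors 'self'" } },
];

// Return the paths that any third-party page could load inside an iframe.
function audit(pages) {
  return pages
    .filter((p) => framingPolicy(p.headers).framable === "any-origin")
    .map((p) => p.path);
}

console.log(audit(samples));
```
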

