It has not been a good year for Facebook. From the revelation that Cambridge Analytica had access to users’ data to Facebook giving advertisers access to your 2FA phone numbers, Facebook has been quite the security and privacy nightmare. Yesterday, Facebook announced that 50 million accounts have potentially been compromised due to a bug introduced into their system.
So what exactly happened?
To put it simply, a piece of code introduced in 2017 allowed users to get the access token used to verify that you are logged in to Facebook. With this access token, hackers are able to access your account without having to guess your password or pass the 2FA check. What is worse is that this affects not only your Facebook account but also any account that you log in to with Facebook. That means your Instagram, Spotify and many other accounts might all have been accessed.
What has been done so far?
Facebook has reset the access token for all 50 million accounts that were affected. Additionally, they have reset another 40 million as a precautionary measure. The “View As” feature that was used to gain access to the access token has been temporarily disabled while Facebook conducts a thorough investigation. Facebook is also working with the FBI to figure out who was conducting the hack.
How does this affect me?
The problem with Facebook is the information people share on the platform. Do you have your elementary school listed on your Facebook profile (a common security question used for accounts)? Did you post a picture of your first car (another common security question), even if it’s set to be viewable only by yourself? Coupled with the Experian hack and other security hacks out there, it really would not be too hard to compile this information together to compromise your bank account or other accounts.
What should you do?
My recommendation would be to remove any information on Facebook that could potentially be used to verify your identity. Be mindful of what you share: what you post on the internet stays on the internet forever.
Check to see if there have been any unauthorized logins into your account from places you don’t recognize. You can do this by going to https://www.facebook.com/settings?tab=security&section=sessions&view
Consider deleting your account if you can live without Facebook and other accounts that require a Facebook login. If you can’t live without Instagram or Messenger, suspending your account would be the better alternative since those services will still be available with a suspended account.
For more technical details about what is happening, read the official Facebook Blog.