Facebook announced earlier this month that the world’s largest social network had identified “a security issue affecting almost 50 million accounts.”
A vulnerability that has existed since June of 2017 allowed hackers to exploit the “View As” feature. This hack could allow criminals to “steal Facebook access tokens which they could then use to take over people’s accounts.”
Facebook logged the 50 million affected users out of their accounts, along with another 40 million accounts that had accessed that “View As” feature in the last year. After these users login again, a notification will inform you why Facebook has reset your access token.
Whether or not you were affected, right now is a good time for all 2.3 billion active Facebook users to make sure you’re taking a few security precautions.
Secure Your Facebook Account
- Change your Facebook password.
To do this on a PC, log into your account, click on the down arrow in the upper right corner then go to “Settings” >”Security and Login” > Change password. Use a strong, unique password.
- Log out of your account on any device or browser where you are logged in.
This is also on the same “Settings” >”Security and Login” page under “Where You’re Logged In”.
- Set up two-factor authentication.
On the same “Settings” >”Security and Login” page, click “Use two-factor authentication”. Turn it on and F-Secure experts recommend you use an “Authentication App”.
- Set up alerts for “unrecognized logins”.
This is also on the “Settings” >”Security and Login” page under “Get alerts about unrecognized logins”.
- For extra privacy, turn off Apps, Websites and Games.
This limits what you can do on Facebook considerably, but it also makes it far less likely your data will be shared with third parties. You can do this on “Settings” > “Apps and Websites” > Under “Apps, Websites and Games”, click “Edit”.
All of these best practices for securing your Facebook accounts are important, but they would not have secured you from this hack. This because the convenience offered to users by “access tokens” could be exploited as a vulnerability.
Hackers may have gained to access a variety of sites that use Facebook’s access token as a login, including Instagram, Tinder, and Airbnb.
You should definitely always take basic security precautions but be aware that it’s impossible to eliminate all risks.
When using a third-party service that’s free – including webmail like Gmail – you should assume that no one cares more about security than you do.
You should consider keeping anything that’s truly private, including information pertaining to your business and photos you’d never like to see made public, off of Facebook. This includes any service where you’re not paying to secure your data.
For a proven best of breed industry standard and proven product range for managing these threats, contact our sales team today.
Follow us on LinkedIn: