On Friday, September 28, 2018, Facebook said that an attack on its network had exposed the personal information of nearly 50 million users.
What is Known
The attackers exploited the “View As” feature, which lets users see their Facebook page the way someone else would, in a way that could allow them to take over Facebook accounts. It’s not known if the affected accounts were misused or if user information was actually accessed.
The social networking giant said that it had reset all the access keys for affected users and that those users would have to log back into their accounts. In other words, there is not much you have to do. But there are some precautions you should take to protect yourself from the attack.
What You Should Do
Do a Device Audit
The best way to determine whether someone has gained improper access to your account is to do an audit of the devices that you have used to log into Facebook. On Facebook’s Security and Login page, under the tab labeled “Where You’re Logged in,” you can see a list of devices that are signed into your account, as well as their locations. If you see an unfamiliar gadget or a device signed in at an odd location, you can click the “Remove” button to boot the device out of your account.
Change Your Password
Facebook says that because it has fixed the vulnerability, there is no need to change your account password. But you probably should anyway — especially if you use a weak password or saw any suspicious devices logged into your accounts.
If you decide to change your password, choose a complex one — and do not reuse a password you have used on a different site. Try creating long and complex passwords built from nonsensical phrases or one-sentence summaries of strange life events, then add numbers and special characters.
To keep your passwords organized and easy to access, consider using a password management app like 1Password or LastPass. These tools let you keep all your passwords in a digital vault that can be opened with one master password, and they can also automatically generate complex passwords.
Turn on Two-Factor Authentication
Like many sites, Facebook offers a security feature called two-factor authentication. It involves text messaging a unique code to your phone that you must type in after entering your password. This way, even if someone gained access to your password, it would be difficult to log in without that code. Even though Facebook fixed this week’s security vulnerability, every user should have this feature turned on. If you’re feeling very brave you can always…
Delete your Account
Seriously. It may seem hard, but an account that doesn’t exist can’t be hacked.
We’ve had clients deal with hacks and data breaches before. It’s never fun but a bit of prevention can go a long way. Reach out – we’re ready to help.