What You Need to Know About the Facebook Hack
More unsettling news for Facebook users: 30 million accounts have been exposed to hackers through a vulnerability in the “View As” feature, which is designed to let you see your profile as it appears to others.
Were You Affected?
If you had to sign back in to your account today, you may be among the affected group. To verify whether or not your account was compromised, check the Facebook Help Center. Scroll to the bottom of the page to see what (if any) data may have been exposed.
If you've been logged out of your account and asked to sign back in, it’s because we've discovered a security issue and are taking immediate action to protect people on Facebook. Learn more https://t.co/XLcHGYFBu2
— Facebook (@facebook) September 28, 2018
Here’s what happened
Facebook’s security team discovered the View As vulnerability on Tuesday. Hackers exploited this feature to steal access tokens from users who’d recently previewed their profiles.
According to Guy Rosen, VP of Product Management at Facebook, it’s still unclear whether hackers actually took information from within the exposed accounts or otherwise “misused” them.
“We’re taking this incredibly seriously and wanted to let everyone know what’s happened and the immediate action we’ve taken to protect people’s security,” Rosen writes in today’s press release.
As a precaution, Facebook reset access tokens for a total of 90 million accounts that were either exposed or were “subject to a ‘View As’ look-up in the last year.”
How to protect yourself
“The good news is, Facebook’s token reset should have already sealed out bad actors,” says Ian Kirk, a security expert and director of cloud governance at Asurion. “They’ve also patched the vulnerability and shut down the ‘View As’ feature for now. It’s still always good practice to use long passwords, and to change them frequently.”
There are a few basic precautions you can take to sleep a little more soundly tonight:
- Sign out of your account: Even if you weren’t among the initial group of 90 million, you can never be too careful. Open Facebook and tap Settings > Log Out. This will reset your access token and kick out anyone who might have gained access.
- Sign out of linked accounts: If you use Facebook to sign in to other accounts (like Instagram, Pinterest, or Tinder), you may want to sign out of those services, too. Visit the Account Settings page, tap Apps and Websites, and choose Logged in with Facebook. Select apps/services on the list, then tap REMOVE to sign them out.
- Check your profile: Look for anything out of place, such as posts you don’t recognize, missing information, or profile changes you didn’t make.
- Remove personal info: Getting hacked is never ideal, but you can prevent your personal info from being stolen by keeping it off Facebook. Remove things like birthdays, addresses, phone numbers, etc. to make sure your data doesn’t fall into the wrong hands.
Facebook’s investigation of the incident is ongoing, so stay tuned for more updates.