Yet another security breach has hit Facebook, granting hackers full access to as many as 90 million accounts — as well as the accounts of services users logged into with their Facebook accounts, like Spotify and Tinder. That means this hack could have been worse than the Cambridge Analytica data breach earlier this year, which exposed the private information of 87 million Facebook accounts.
Before you start to panic, you should know that while all of this information could have been exposed to hackers, we don't currently know exactly what hackers did access. Facebook is still investigating the hack, and while hackers could access just about anything in compromised accounts, there's not any evidence that they collected or misused any personal data.
That's not very reassuring coming from Facebook, which claims to respect your privacy but continues to expose user data through abuse, bugs and hacks. The latest privacy problem was caused by a bug that let hackers use the site's "View As" feature — which lets you see what your profile looks like to others — to steal Facebook access tokens. These tokens are what Facebook uses to tell if you're logged in to your account, and once hackers had them they had full access to the Facebook account of every affected user, as well as services attached to their Facebook accounts. That could mean every piece of information you had on Facebook was handed off to hackers.
While what happened to your data is still up in the air, the problem has already been fixed. Facebook has reset the access tokens of 50 million accounts that were definitely affected, as well as 40 million accounts that could have been affected. If the hackers hit you, you probably noticed you were logged out of Facebook the last time you went to the site — but regaining access is as simple as entering your password again, giving you a new access token that is (hopefully) just yours. If so, you should have also gotten a notification at the top of your News Feed explaining what happened. Facebook has also completely disabled "View As" while it investigates the problem.
So what should you do now? Unfortunately, because hackers exploited a bug to access your data, there's nothing you could have done to better protect your Facebook account. Still, it's never a bad time to revisit your Facebook security settings. Start by checking which websites have access to your Facebook account, since those could have been compromised too. Go to Settings > Apps and Websites to review what has access, and remove any apps or websites you don't use anymore. Next, review your login activity by going to Settings > Security and Login and looking through the Where You're Logged In section of the page. You should only see devices and locations that you've logged in from — if you see anything that looks amiss, click Log Out of All Sessions in the lower right.
And while Facebook says you don't need to change your password — hackers only accessed accounts with tokens, which don't include passwords — it's never a bad idea to update your password to something more secure (preferably something you haven't used on any other sites). You can also turn on two-factor authentication, which will text you a confirmation code when you try to log on, for extra security. Just go to Settings > Security and Login and scroll to the Two Factor Authentication section. For more ways to secure your account, take a look at our complete guide to Facebook's complicated privacy settings.
If you've decided you're really done with Facebook, you can also delete your account completely — though even that doesn't completely guarantee your privacy, since Facebook can track internet users even if they don't have accounts. Still, leaving the social network will at least offer some measure of protection from future Facebook privacy problems.