Yet another security breach has hit Facebook, granting hackers full access to as many as 90 million accounts — as well as the accounts of services users logged into with their Facebook accounts, like Spotify and Tinder. That means this hack could have been worse than the Cambridge Analytica data breach earlier this year, which exposed the private information of 87 million Facebook accounts.
Before you start to panic, you should know that while all of this information could have been exposed to hackers, we don't currently know exactly what hackers did access. Facebook is still investigating the hack, and while hackers could access just about anything in compromised accounts, there's not any evidence that they collected or misused any personal data.
That's not very reassuring coming from Facebook, which claims to respect your privacy but continues to expose user data through abuse, bugs and hacks. The latest privacy problem was caused by a bug that let hackers use the site's "View As" feature — which lets you see what your profile looks like to others — to steal Facebook access tokens. These tokens are what Facebook uses to tell if you're logged in to your account, and once hackers had them they had full access to the Facebook account of every affected user, as well as services attached to their Facebook accounts. That could mean every piece of information you had on Facebook was handed off to hackers.
While what happened to your data is still up in the air, the problem has already been fixed. Facebook has reset the access tokens of 50 million accounts that were definitely affected, as well as 40 million accounts that could have been affected. If the hackers hit you, you probably noticed you were logged out of Facebook the last time you went to the site — but regaining access is as simple as entering your password again, giving you a new access token that is (hopefully) just yours. If so, you should have also gotten a notification at the top of your News Feed explaining what happened. Facebook has also completely disabled "View As" while it investigates the problem.
So what should you do now? Unfortunately, because hackers exploited a bug to access your data, there's nothing you could have done to better protect your Facebook account. Still, it's never a bad time to revisit your Facebook security settings. Start by checking out the websites that have access to your Facebook account that could have been compromised. Go to Settings > Apps and Websites to review what has access, and remove any apps or websites you don't use anymore. Next, review your login activity by going to Settings > Security and Login and looking through the Where You're Logged In section of the page. You should only see devices and locations that you've logged in from — if you see anything that looks amiss, click Log Out of All Sessions in the lower right.
And while Facebook says you don't need to change your password — hackers only access accounts with tokens, which don't include passwords — it's never a bad idea to update your password to something more secure (preferably something you haven't used on any other sites). You can also turn two-factor authentication, which will text you a confirmation code when you try to log on, for extra security. Just go to Settings > Security and Login and scroll to the Two Factor Authentication section. For more ways to secure your account, take a look at our complete guide to Facebook's complicated privacy settings.
If you've decided you're really done with Facebook, you can also delete your account completely — though even that doesn't completely guarantee your privacy, since Facebook can track internet users even if they don't have accounts. Still, leaving the social network will at least offer some measure of protection from future Facebook privacy problems.
Image credit: woman using Facebook via Shutterstock.com
From Cheryl Annie Marie Dodson on October 01, 2018 :: 2:37 pm
I DO NOT KNOW WHY BUT I HAVE HAD MY FB ACCOUNT HACKED 3 TIMES NOW .
IN THE PAST THREE (3) YEARS I HAVE HAD TO RECREATE MY FB ACCOUNT DUE TO SOMEONE CHANGING MY LOG IN INFORMATION AND EVEN CHANGED MY NAME?
ALERTED FB AND NOTHING WAS EVER ATTEMPTED TO EVEN SEEK OUT THE HACKER!!!!!? THE ONLY OUTCOME I WAS FACED WITH WAS WHEN FACEBOOK HAD DECIDED TO LOCK ME OUT OF MY ACCOUNT AND SUSPEND MY USE OF LOGGING INTO MY NEW ACCOUNT IN WHICH I HAVE TO REMIND EVERYONE THAT IF THIS. HAS HAPPENED TO YOU THEN YOU WILL AGREE WITH ME ABOUT JUST HOW DIFFICULT AND HEART BREAKING BECAUSE NOW YO HAVE TO CONVINCE ALL OF YOU FB FRIENDS AND FAMILY THAT THE NEW FB ACCOUNT IS TRULY AND IS REALLY YOU AND I HAVE LOST SO MANY FB FRIENDS BECAUSE OF THIS..
THE CRAZY THING WAS THOUGH, FB FINALLY LET ME ONTO MY NEWLY CREATED FB ACCOUNT AFTER ABOUT 3 WEEKS OR SO….. CRAZY WAS WHEN THEY WERE PUTTING ALL… I MEAN EVERYONE OF MY POSTS AND EVEN SOME OF MY COMMENTS WERE DELETED AND MIND YOU THIS WAS ON MY NEW FB ACCOUNT!!!! FB WAS TELLING ME THAT I HAD CREATED MULTIPLE FB ACCOUNTS AND THAT THEY WERE INVESTIGATING ME???????!???!!!
MY QUESTION IS…..... WHY WERE THEY SO FOCUSED ON MY ACTIONS? INSTEAD OF THEM CHECKING IP ADDRESSES AND AT LEAST MONITORING MY HACKED ACCOUNT?
AT THIS TIME I STILL AM FACED WITH FB STILL INTERFERING WITH MY POSTS AND COMMENTS WHICH BY THE WAY STILL HAVE YET TO HAVE ANY OF THEM POST.