At the end of September, Facebook disclosed the discovery of a security flaw on its computer network that may have affected active accounts, exposing the personal information of up to 50 million users, including top executives Mark Zuckerberg and Sheryl Sandberg, according to sources close to the investigation.
The attacker exploited two bugs in the platform’s “View As” feature, which allows users to view their public profile as others see it online. The flaw allowed the attacker to steal access tokens - digital keys that allow access to an account - which let users automatically log in to their Facebook profile without having to re-enter their login credentials or password every time they use the application.
Facebook has stated that user accounts were visible to cyber-criminals but actual passwords were not compromised and the vulnerability has been patched.
Although Facebook guarantees that it did reset the access tokens of about 90 million accounts that used the feature, here at LANAIR Group we recommend that users change their Facebook password to one with complex and unique characters and monitor their account for fraudulent activity.
The Federal Trade Commission also has a few recommendations on what to do next after the Facebook breach:
- Watch out for imposter scams. With access to your Facebook account, hackers can get a lot of information about you. That information could be used to impersonate people you know or companies you do business with. If someone calls you out of the blue, asking for money or personal information, hang up. Then, if you want to know for sure if the person calling you was really your family member or was really from a company you know and trust, call them back at a number you know to be correct before you give any information or money. And remember: anyone who demands that you pay by gift card or by wiring money is scamming you. Always.
- Consider changing your password. Facebook says that it fixed the vulnerability, so there’s no need to change your password. But, to be safe, log in and change your password anyway. If you use the same password other places, change it there, too. Don’t forget to change your security questions, as well – especially if the answers include information that could be found in your Facebook account.
We have gathered additional resources that will help you strengthen the security of other social platforms and apps you might frequent, along with tips on what to do if you notice that your identity has been compromised.
- Using Two-Factor Authentication on Facebook
- Turn On LinkedIn’s Two-Step Verification
- Activate Amazon’s Two-Step Verification
- Multi-Factor Authentication for Office 365
- US-CERT Preventing and Responding to Identity Theft