3 Things You Should Do After the Facebook Hack
A Friday morning press release from our connect-people-at-any-cost friends in Menlo Park detailed a potentially horrifying situation for the billions of people who use the social media service: Their accounts might have been hacked. Well, at least 50 million of them were “directly affected,” anyway.
The so-called “security update” is light on specifics, but what it does include is extremely troubling.
“We did see this attack being used at a fairly large scale.”
“On the afternoon of Tuesday, September 25, our engineering team discovered a security issue affecting almost 50 million accounts,” reads the statement. “[It’s] clear that attackers exploited a vulnerability in Facebook’s code that impacted ‘View As’, a feature that lets people see what their own profile looks like to someone else. This allowed them to steal Facebook access tokens which they could then use to take over people’s accounts.”
Facebook said in a web post that the security issue was related to the “View As” feature, which allows people to see a preview of what their profile looks like to other people, like specific friends. Hackers exploited a weakness in the tool to gain access to digital keys that let people access Facebook from a personal device without having to re-enter a password. The keys could then be used to take over people’s accounts, the company said.
Facebook later said that it had reset all the access keys for affected users and that those users would have to log back into their accounts. In other words, there is not much you have to do. But there are some precautions you should take to protect yourself from the attack.
1. Change Your Password
Facebook says that because it has fixed the vulnerability, there is no need to change your account password. But to be extra safe, you probably should anyway — especially if you use a weak password or saw any suspicious devices logged into your accounts.
If you decide to change your password, choose a complex one — and do not reuse a password you have used on a different site. Try creating long and complex passwords consisting of nonsensical phrases or one-sentence summaries of strange life events and add numbers and special characters.
To keep your passwords organized and easy to access, consider using a password-management app like 1Password or LastPass. These tools let you keep all your passwords in a digital vault that can be opened with one master password, and they can also automatically generate complex passwords.
2. Turn on Two-Factor Authentication
Like many sites, Facebook offers a security feature called two-factor authentication. It involves text messaging a unique code to your phone that you must type in after entering your password. This way, even if someone gained access to your password, it would be difficult to log in without that code. Even though Facebook fixed this week’s security vulnerability, every user should have this feature turned on.
3. Do a Device Audit
The best way to find out whether somebody has accessed your account is to audit the devices that you have used to sign in to Facebook. On Facebook’s Security and Login page, under the tab named “Where You’re Logged In,” you can see a list of devices that are signed in to your account, along with their locations. If you see an unfamiliar device or a device signed in from an odd location, you can click the “Remove” button to boot the device out of your account.
Kevin Jones
Kevin Jones, Ph.D., is a research associate and a cyber security author with experience in penetration testing, vulnerability assessments, monitoring solutions, surveillance and offensive technologies. Currently, he is a freelance writer covering the latest security news and other happenings. He has authored numerous articles and exploits, which can be found on popular sites like hackercombat.com and others.