In September 2018, Facebook announced that its engineering team had discovered a security issue affecting 50 million accounts.
A hacker could, potentially, take over your Facebook account and use it as if they’d logged in as you.
Since we’ve only just started our investigation, we have yet to determine whether these accounts were misused or any information accessed. We also don’t know who’s behind these attacks or where they’re based.
What it means for you
If you log into other sites using Facebook… then those systems are at risk too.
What you should do
- Change your password in Facebook.
  - It’s not a safeguard against this type of attack, but it’s good practice.
  - If you found that your Facebook account was logged out, this was FB resetting your access token.
- Set up two-factor authentication in Facebook.
  - This means that even if your password is compromised, an attacker will need your phone to log into your account.
- When signing up for services, choose the “Email address” option and use a unique password.
  - Did you know that when you sign in using Facebook or Google, you’re sharing whatever is on your public profile? Some apps ask for more access, such as TripAdvisor, which uses your friends to show where they have travelled and hotels they’ve reviewed.
  - Do you just click “Accept” when doing this? It might be worth reviewing that approach.