There are some days that your social media plan doesn’t go quite… as planned. Today, Friday, September 28th, was one of those days for millions of people due to a Facebook security breach.
It may have started out as an average day until you opened up your Facebook app and received a “Your session has expired” message, forcing you to log back into your account. For most avid social media users, this is a red flag. After all, you’ve been on social media for 11 years and your session has never expired before.
Then, of course, a few hours later, Facebook makes an announcement. There was an attack on their network that exposed the personal information of almost 50 million users.
According to Facebook, the attackers exploited a feature known as the “View As’ feature, which allows users to view their own profile as if they were someone else. “View As” was originally designed so that users could have more control over their privacy.
This exploit was combined with a flaw in Facebook’s video-uploading program, which was introduced in 2017. The combination of these two flaws allowed hackers to steal “access tokens,” which are digital keys that could be used to take over people’s accounts.
It’s important to note that access tokens are not passwords. Instead, they allow people to log into accounts without needing a password. Users who have been impacted by the breach do not have to change their passwords.
Facebook has disabled the “View As” feature and reset 50 million accounts that were impacted. As an extra precaution, they reset access tokens for another 40 million accounts who have accessed the “View As” feature since July 2017. This means that 90 million Facebook users will have to log back into Facebook or the Facebook app.
How To Know If Your Account Has Been Impacted
If you are one of the millions of Facebook users impacted by this breach, you will have to log back into your account and as soon as you log in, you will receive a notification at the top of the News Feed explaining the situation.
If you were not logged out but want to take additional security precautions, you can check this page to see the places where your account is logged in and log them out if you would like.
What Does This Mean For Facebook?
It’s safe to say that Mark Zuckerberg is not having his best year.
This is one of the biggest security breaches that has occurred on Facebook and it is the first time that a user’s entire account has been compromised by outside hackers.
Facebook is still investigating the situation and working with the FBI. They are not yet aware of when the attack occurred, how much information was stolen, or who is behind the attack.
This comes at a tense time for Facebook who is already facing federal investigation and regulations due to its role in the Cambridge Analytica scandal. Senator Mark Warner, co-chair of the Senate Cybersecurity Caucus, called the breach “deeply concerning” and has called for a “full investigation” of the breach.
All eyes are on Zuck right now to see how he handles Facebook’s latest security breach.
What Does This Mean For Your Cybersecurity?
The million dollar question is, how secure is your account?
The good news is that Facebook has reported that this breach did not impact credit card data or advertising accounts so you will not need to change or cancel any cards connected to your Facebook account.
However, as a Facebook user, it’s important to always remain vigilant about your privacy on social media sites.
We recommend updating your passwords frequently and using different passwords for your social media accounts.
Close any accounts you no longer use. Got a Periscope account that you haven’t logged into since 2016? Delete it. Even if you don’t use old accounts, it won’t deter hackers from getting into them and accessing your information.
Also, always keep your mobile apps up to date. Security patches are included in updates so updating your apps frequently can keep you protected from the latest threat.
Our team is monitoring the Facebook security update and will update you on any new information. Rest assured, we monitor the security of MeetEdgar on a regular basis to keep you and your accounts protected.