Another day, another security breach. But this time it’s with the ubiquitous Facebook, and the breach may end up involving other apps that let you login with Facebook.
Here’s a summary of what you need to know. (And here’s another reason to be mad at Facebook this week.)
Quick Links
What Happened?
Back in December, Facebook noticed a spike in unusual Facebook access. Last week they identified that because of a combination of factors and vulnerabilities related to Facebook’s “View As” feature, hackers were able to steal personal data from 50 million users, which equals about 2.2% of their 2,23 billion of their monthly active users.
The “View As” feature lets you see your profile as others might see it… friends, friends of friends, strangers, etc. It’s a helpful tool to point out if you’re sharing too much private information publically.
What Did the Hackers Steal?
Facebook hasn’t released all the info about what was compromised, but hackers were able to login to Facebook with the 50 million accounts. The hackers accessed personal information such as name, hometown and status, but Facebook says it doesn’t seem like the hackers have credit card info and other more valuable data. With the hacked information, the bad guys may also have access to other accounts that use Facebook credentials to log in. Again, we don’t know all the facts yet. But Tinder, one site that uses Facebook logins, says it doesn’t look like the hackers infiltrated their users.
What Has Facebook Done?
Facebook says…
- They patched the vulnerability.
- They reset the accounts of the 50 million people.
- They reset the accounts of 40 million other people who used “View As” within the past year but who didn’t seem to be affected.
- They are investigating more about what was stolen.
What Should You Do?
- If you’re one of the 90 million people directly affected, you’ve already been reset.
- If you haven’t seen a notice or been logged out, you can…
- Change your password
- Remove other apps’ access to Facebook
- Deactivate or delete your Facebook account (NOTE: They just changed the “change your mind” period from 2 weeks to 30 days for full deletion, so this will take a while)
What Will Most Facebook Users Do?
This part makes me sad… as a whole, we’re likely to do nothing. We won’t delete our account. We won’t change our password. We won’t bother to remove app access. It’s not that we aren’t mad… it’s just that as a whole we’re too distracted to sit down and take action.
Will This Happen Again?
Uh. Yeah. And probably more often as time goes on. This vulnerability was a small, small bug that happened when a specific set of circumstances were present. It’s like that weird situation where the doorbell shorted out because it was raining at exactly the same time that your neighbor pushed the doorbell while you were blow drying your hair and the front porch light was on. And that means that hackers are very sophisticated in their search for weak areas that are almost impossible to stumble upon.
Wow!!! Great Article! Thanks for the update! You’re the best Beth!!!
Thanks for sharing, great information on what to do about such an incident.
Thanks Beth.
Putting your advice to work now.
Th a inks Girl!! You’re just way past awesome??