Facebook is once again making massive headlines after cleaning up a major security incident that exposed the account data of millions of users. In what has already been a rocky year following the Cambridge Analytica scandal, the company is scrambling to regain its users' trust after another security incident exposed user data. But unlike that scandal, in which a third-party company erroneously accessed data that a then-legitimate quiz app had siphoned up, this vulnerability allowed attackers to directly take over user accounts, WIRED reports.
So what exactly happened? The social media giant says at least 50 million users’ data were confirmed at risk after attackers exploited a vulnerability that allowed them access to personal data. The company also preventively secured 40 million additional accounts out of an abundance of caution.
As for what the hackers were after, the tech company’s CEO Mark Zuckerberg offered an explanation. He said that the company has not seen any accounts compromised and improperly accessed — although it is still early and that may change. But Zuckerberg said that the attackers were using Facebook developer APIs to obtain some information, like “name, gender, and hometowns,” that is linked to a user’s profile page.
Users affected by the breach were logged out of their accounts. The social network said it would also notify these people, in a message at the top of their News Feed, about what happened.
However, it is important to note that being logged out does not necessarily mean the account has been breached. As a “precautionary measure,” Facebook has also logged out everyone who used the “View As” feature since the vulnerability was introduced. It also said that this will require another 40 million people or more to log back into their accounts, adding: “We do not currently have any evidence that suggests these accounts have been compromised.”
Fortunately, according to Facebook, the issue has been fixed. It believes it has fixed the security vulnerability, which enabled hackers to exploit a weakness in the social network’s code to access the “View As” privacy tool that allows users to see how their profile looks to other people.
Attackers would then be able to steal the access tokens that allow people to stay logged into their accounts. Then, Facebook admits, they could use these to take over people’s profiles. The company is also temporarily turning off the aforementioned feature while it conducts a “thorough security review.”
Nonetheless, Facebook admitted that this could be an issue, but it can be hard to know what users have logged into using their account. This information can be found in the settings. First, go to “apps and websites” and then “logged in using Facebook.”
This should help users find all the apps they have used Facebook to log in to. It is a good idea to remove these, even if people think they have not been impacted by the breach. If they have been affected, they also need to change the passwords for those accounts to be safe.
Facebook says there is no need for people to change their passwords. However, there is no harm in doing so, as long as they ensure that their new password is secure and that they do not use it to log into other accounts.
Users also have the option to log out of Facebook, even if they do not think they have been impacted, using the “security and login” section in “settings.” This lists the places people are logged into Facebook with a one-click option to log out of all of them. People who have forgotten their passwords can access Facebook’s Help Center.