BREAKING: Facebook Announced 50 Million Accounts Affected by “A Security Issue”

Facebook today announced on its newsroom page that hackers “exploited a vulnerability” that created, “a security issue affecting almost 50 million [Facebook] accounts.” In addition, Facebook said it took a “precautionary step” and “reset access tokens for another 40 million accounts that have been subject to a ‘View As’ look-up in the last year.”

You will know for if your account is among the 90 million affected because you will be logged out the next time you access Facebook and will be asked to log back in.

Unclear if personal information was compromised

Facebook’s vice president of product management, Guy Rosen, posted 491-word security update that explained what happened and what action the company has taken to protect people’s security. The post did not indicate that this was a data breach. Instead, hackers found a way to use the “View As” feature, which allows users to see what their profile looks like to other people. By doing so, the hackers could, “steal Facebook access tokens which they could then use to take over people’s accounts."

According to Facebook, “Access tokens are … digital keys,” to keep you logged in so you, “don’t need to re-enter [a] password every time,” you visit Facebook.

Facebook said it is turning off the “View As” feature until its security review is completed.

Meantime, Facebook can’t yet say whether the hackers misused any accounts or if they accessed any user’s account information.

Unanswered questions

Facebook said the vulnerability was discovered by its engineers on Tuesday and has already been patched. While Facebook conducts its investigation, many questions remain unanswered. For example:

Could the tokens be used to log into other service providers that use Facebook as an identity provider?

• Should affected users change their password?
• Should non-affected users change their password?
• Did hackers access private messages or posts?
• Did hackers post from hacked accounts?

This breach comes on the heels of Facebook’s recent scandal where it allowed British consulting firm Cambridge Analytica to gather personal data of almost 90 million users.

Cybersecurity expert and blogger, Brian Krebs, posted on Twitter that he’s looking into whether the “bug impacts non-facebook [sic] properties.”

The Los Angeles Times reported that Rosen told reporters no password or credit card data were stolen.

However, out of an abundance of caution, Nuvision recommends that you consider changing your password and also take the opportunity to review 5 Steps to Create Strong, Unique, and Readily Accessible Passwords.

Your Data Protection is Most Important

As with any security incident, this is an excellent reminder that everyone should take their own data security seriously. You should be able to rely on companies to keep your information safe, but unfortunately that isn’t always the case. Consumers are the victims when their data is lost, stolen, or exposed, but you can take steps to protect yourself.

• Before giving a company your personal information, you should consider these seven things.

When changing your password, Nuvision suggests you ask yourself:

• Are any of your passwords less than 12 characters? If they are, change them and make them longer.
• Do any of your passwords contain real words (colors, animals, or phrases), patterns (34567 or qwerty), or identifiable characteristics (names, locations, or dates)? If they do, log in and use a random variation.
• Do you use the same password for multiple accounts? If so, you should use unique passwords for every account, or at least those with access to sensitive personal and financial information.

Monitor your accounts

Facebook’s latest issue is another in a line of recent cybersecurity incidents:

• Hackers stole customer credit cards in Newegg data breach (via TechCrunch)
• State Department reveals data breach, employee information exposed (via ZDNet)
• Air Canada: Attack Exposed 20,000 Mobile App Users' Data (via CUinfo Security)
• T-Mobile was hit by a data breach affecting around 2 million customers (via The Verge)
• MyHeritage Data Breach Hits 92 Million Users: What to do (via tom’s guide)

Your data is out there, and you can’t get it back. But you can read about seven ways to monitor your accounts and reduce the risk of fraud.

Stay on top of fraud trends and news

Nuvision is your credit union resource for alerts, news, and information about fraud, identity theft, financial and data protection, and cybersecurity. Learn about fraud protection and follow Nuvision on Facebook and Twitter to receive updates when new articles are published.