Facebook, the social media giant with over two billion monthly active users, reported earlier today that their engineering team discovered an attack on their systems that compromised the information of 50 million Facebook users.
As one of the leading data-collection agencies in the world, Facebook is nearly unrivaled in its depth and range of user data, and leverages that data to sell premium ad space to advertisers. In 2017, Facebook generated 98% of its global revenue through its advertising business.
The highly sensitive personal data of 50 million users is at risk, and an additional 40 million people may have been affected by the hack, according to Facebook.
The attack, which exploited a flaw in Facebook’s “view as” feature, allowed hackers to gain control of around 50 million user accounts.
Facebook, to their credit, reported the attack—which took place on Tuesday, September 25th—quickly, and patched the vulnerability. They are currently investigating the nature of the attack in order to provide more information to those affected, and to prevent further hacks.
Before we get into what happened in the breach, it’s important for you to take the following steps to secure your Facebook account.
How do I secure my Facebook account?
If you have a Facebook account, we recommend updating your password immediately.
“Because the extent of the hack is unknown, we recommend that everyone with a Facebook account updates their Facebook password, as well as any similar passwords that they use for other online accounts,” says Dashlane CEO Emmanuel Schalit. “Each of your online accounts should have a unique, complex password—this is especially true of accounts that contain sensitive personal information like social media accounts, banking accounts, and email accounts.”
How can I remember unique, strong passwords for all of my hundreds of accounts?
A password manager—like Dashlane—allows you to easily and securely store, manage, and fill passwords and personal information online automatically. Therefore, you can create unique, complex passwords for every account because your password manager remembers and types them for you.
It’s simple to create passwords with a Password Generator, located in all Dashlane apps and available via the web extension any time you sign up for a new online account in your browser.
Don’t forget to add two-factor authentication to sensitive accounts.
As a reminder, we always recommend activating two-factor authentication on sensitive accounts to create an additional layer of security. Two-factor authentication is a second method of authentication beyond a password—for example, an email verification—that makes it harder for hackers to gain access to your accounts.
How did Facebook get hacked?
Facebook doesn’t have a ton of information to provide about the attack, but so far we know that the attack originated from a vulnerability in Facebook’s code around their “view as” feature, a feature that allows users to see what their profile looks like to someone else.
According to Facebook, this allowed hackers to “steal Facebook access tokens which they could then use to take over people’s accounts. Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app.”
As of now, Facebook isn’t sure if any compromised accounts were misused or if any sensitive personal information was accessed. However, when it comes to hacks, it’s always better to err on the side of caution and be proactive about updating your compromised passwords.
Facebook is unsure who is behind these attacks or what their motive is.
What else can I do to stay safe online and protect my private data?
Using a password manager is the easiest and best way to protect your private data online.
Dashlane can help you stay safe by remembering all of your complex, unique passwords for you, and securely filling them in online, on your phone, and in your apps. Password reuse is one of the biggest causes of account takeover, so it’s imperative that you stop using the same passwords everywhere and let a password manager take care of that for you.
Update your Facebook password first, then do yourself a favor and get Dashlane.
We will also make sure to notify you immediately anytime one of your accounts gets compromised, so you can stay one step ahead of hackers and keep your accounts, passwords, and personal information safe.
We stand by everyone’s right to data privacy, and believe in a future where the only person who has control of your personal information is you. So instead of using Facebook to log in to different sites, use Dashlane and stay protected.