Everything You Need To Know About The Facebook Breach (And How To Secure Your Account)

Another day, another Facebook hack. This time around, the accounts of some 50 million users were left vulnerable for over a year, with Facebook only identifying and fixing the problem on September 25. Find out exactly what happened, if you’re affected, and what you can do to protect yourself in the future.

Facebook was breached? What happened?

Last Tuesday, Facebook identified a vulnerability in its “View As” feature.

According to VP of Product Management Guy Rosen, this vulnerability was introduced in July 2017, as part of an update involving video uploading. Put simply, it allowed attackers to gain “access tokens” for other user accounts.

In response, Facebook has reset the access tokens for all affected accounts.

How many people were affected?

While the number of 50 million has been bandied about, up to 90 million accounts were affected, due to the way the View As feature works. As a “precautionary step”, Facebook has reset the access tokens for these additional 40 million accounts.

How do I know if I’m affected?

If Facebook believes your account is affected, two things will happen.

First, any active Facebook logins, such as on your desktop or phone, will be logged out, in addition to any apps or services that use Facebook Login. As such, you’ll need to log in again.

Second, when you do log in, you’ll see a message like the one below.

What’s Facebook doing now?

The investigation is “still in its early stages” and the problem has been fixed, according to Rosen. The company has also disabled the View As feature for the time being, just to be safe.

How can I secure my account?

Due to the nature of the vulnerability, there was no option, or combination of options, that you could set to protect your account — short of deleting it. That said, there are steps you can take to make sure your Facebook account is as secure as possible.

To be extra safe, be sure to read our guide on Facebook privacy as well as surviving a Facebook hack.

I’m sick of Facebook. What can I do?

Given the mess with Cambridge Analytica, and now this latest breach, it might be time to rid yourself of Facebook entirely.

While there isn’t much you can do to convince friends and family to commit their accounts to the digital graveyard, there’s nothing stopping you from pulling the plug.

Note that Facebook provides two options, one less permanent than the other: deactivation and deletion.

Deactivation is the soft option. It’ll hide your profile and stop you from turning up in search results, but friends might still be able to see you in their friends list. It also leaves you with the ability to come back.

Depending on your usage, you can still communicate via Messenger (for example, if you deactivate your Facebook account while Messenger is logged in on your phone). Deactivating Messenger therefore becomes a separate step.

To deactivate your account, go to Settings > General > Manage your account. From there, you can select “Deactivate your account”.

Deletion is the nuclear option. Everything that’s part of your Facebook account — posts, photos, videos, Messenger, etc. — will be removed forever. Unsurprisingly, you can’t undo this (with one exception, which we’ll cover).

The only things that will stay are messages you’ve sent to other users, as they’re stored as part of their account.

To delete your account, go to Settings > Facebook Information > Delete Your Account and Information, and then click “Delete My Account”. If you want, Facebook allows you to download your data beforehand.

Keep in mind that deletion doesn’t happen immediately. Facebook offers a 14-day grace period, during which you can undo the deletion by logging back in and clicking “Cancel Deletion”. Beyond this, however, your account will be nuked, though Facebook says it can take up to 90 days for everything to disappear.
