Everything You Need To Know About The Facebook Breach (And How To Secure Your Account)

Another day, another Facebook hack. This time around, the accounts of some 50 million users were left vulnerable for over a year, with Facebook only identifying and fixing the problem on September 25. Find out exactly what happened, if you’re affected, and what you can do to protect yourself in the future.

Facebook was breached? What happened?

Last Tuesday, Facebook identified a vulnerability in its “View As” feature.

According to VP of Product Management Guy Rosen, this vulnerability was introduced in July 2017, as part of an update involving video uploading. Put simply, it allowed attackers to gain “access tokens” for other user accounts.

In response, Facebook has reset the access tokens for all affected accounts.

How many people were affected?

While the number of 50 million has been bandied about, up to 90 million accounts were affected, due to the way the View As feature works. As a “precautionary step”, Facebook has reset the access tokens for these additional 40 million accounts.

How do I know if I’m affected?

If Facebook believes your account is affected, two things will happen.

First, any active Facebook logins, such as on your desktop or phone, will be logged out, in addition to any apps or services that use Facebook Login. As such, you’ll need to log in again.

Second, when you do log in, you’ll see a message like the one below.

[Image: Facebook]

What’s Facebook doing now?

The investigation is “still in its early stages” and the problem has been fixed, according to Rosen. The company has also disabled the View As feature for the time being, just to be safe.

How can I secure my account?

Due to the nature of the vulnerability, there was no option, or combination of options, that you could set to protect your account — short of deleting it. That said, there are steps you can take to make sure your Facebook account is as secure as possible.

To be extra safe, be sure to read our guide on Facebook privacy as well as surviving a Facebook hack.

I’m sick of Facebook. What can I do?

Given the mess with Cambridge Analytica, and now this latest breach, it might be time to rid yourself of Facebook entirely.

While there isn’t much you can do to convince friends and family to commit their accounts to the digital graveyard, there’s nothing stopping you from pulling the plug.

Note that Facebook provides two options, one less permanent than the other: deactivation and deletion.

Deactivation is the soft option. It’ll hide your profile and stop you from turning up in search results, but friends might still be able to see you in their friends list. It also leaves you with the ability to come back.

Depending on your usage, you can still communicate via Messenger (for example, if you deactivate your Facebook account while Messenger is logged in on your phone). Deactivating Messenger therefore becomes a separate step.

To deactivate your account, go to Settings > General > Manage your account. From there, you can select “Deactivate your account”.

Deletion is the nuclear option. Everything that’s part of your Facebook account — posts, photos, videos, Messenger, etc. — will be removed forever. Unsurprisingly, you can’t undo this (with one exception, which we’ll cover).

The only things that will stay are messages you’ve sent to other users, as they’re stored as part of their account.

To delete your account, go to Settings > Facebook Information > Delete Your Account and Information, and then click “Delete My Account”. If you want, Facebook allows you to download your data beforehand.

Keep in mind deletion doesn’t happen immediately. Facebook offers a 14-day grace period, where you can undo the deletion by logging back in and clicking “Cancel Deletion”. Beyond this, however, your account will be nuked, though Facebook says it can take up to 90 days for everything to disappear.

  • This really needs to be looked at proportionately. Less than 3% of the userbase has been potentially affected by this. So the chances of you being hacked by this are less than 3%.

  • All of the advice given is useless against the type of attack used.
    But as @djbear said, even though 50mill sounds a lot it is still a small percentage of overall users.

    • Yeah, I really dislike when media treats this like some huge hack when it's not. Some media carries on like every single Facebook user has been hacked.
