Last month Facebook revealed that its engineering team had discovered an issue where hackers were able to exploit a vulnerability in the site’s “View As” feature. The feature allows users to see what their profile looks like to someone else, but hackers were able to use it to steal Facebook access tokens and take over people’s accounts.
It’s safe to say that this recent Facebook access token hack is a complete mess — much more than a simple inconvenience that might have forced you to log back in to your Facebook account on your devices. And while the company is still sorting out the details and working on ways for developers to mitigate the effects of the attack, there are three things you can do to regain a little more control over your digital life.
Access tokens work sort of like a digital set of keys and are what allow you to stay logged in with the Facebook app rather than entering your password every time you want to access the site.
The hack impacted 50 million accounts on the service. At the time, Facebook invalidated the access tokens for almost 90 million accounts as a precaution, and told the users who were logged out why that had happened.
At that point, Facebook had started investigating the issue, so it wasn’t exactly sure which users had actually been impacted.
While the investigation is still ongoing, Facebook is now notifying users if any of their data was compromised as a result of the hack. You can also check for yourself by clicking here and scrolling to the bottom of the page. There, you’ll likely see one of the following two messages: You’re in the clear, or your account was affected and here’s what data the hackers might have accessed.
I was fortunate enough to be left out of this attack, but one of my Lifehacker colleagues wasn’t quite as lucky.
Unlike other attacks where you might want to change your password or monitor your credit card info, this one snagged data such as your name and contact information, as well as potentially your listed gender, religion, locations you’ve been tagged at, and Facebook pages you’ve liked (to name a few).
While this might mean you’re in for a bit more spam going forward, there isn’t a ton you can do about the Facebook hack except be more aware of what data you give to the service, improve your email and phone spam filters, and perhaps reconsider using Facebook entirely.