Last Friday, Facebook announced that they had experienced a data breach and attackers had collected information from over 50 million accounts via “access tokens” that could potentially give them access to sensitive information from your Facebook profile.
The attackers used the tokens to access websites or services that use the company’s “Login with Facebook” security feature. Facebook has yet to identify the attackers or to say exactly how many of those accounts were accessed or what information has already been accessed. It’s better to be safe than sorry.
What you should know is that even if you don’t use Facebook’s “Login with Facebook” function, these hackers can use your information to create new accounts. You also do not necessarily have to change your password. Deleting your Facebook account isn’t going to help, as accounts created using these tokens are not affected. However, Facebook says it has already invalidated the tokens, which means no new accounts can be created.
Here’s how to check for any suspicious activity regarding your connected apps and see if new accounts have been created without your knowledge.
- Go to Facebook and, in the top right, click the drop-down arrow
- Select “Settings”
- After clicking on it, go straight to the left column and scroll down to the “Apps and Websites” section. Here you’ll see services that have been logged in to using your Facebook account. If you notice suspicious new accounts, immediately report them to Facebook. If possible, log out of these services and terminate all active sessions
- If you use Facebook’s single sign-on, head over to those accounts to look for any irregular activities. If you notice any, report them to Facebook
- Still in the left column, click “Security and Login” and check the “Where you’re logged in” section for irregular sessions. If you notice any, click the triple dots and then “Not You?”. This option will report the suspicious activity to Facebook
- While you’re here, scroll down to the “Setting Up Extra Security” section and sign up for notifications to alert you if someone tries to access your Facebook profile
- Also be on the lookout for any suspicious activities like emails from websites that you haven’t signed up for
Unlike the Cambridge Analytica scandal, in which the company got personal data from Facebook’s own systems, this recent breach has higher stakes. The attackers could misuse your Facebook account: they can change your account’s settings, delete or add new friends, and delete posts, comments and messages or change their privacy settings.
What you can also do for now:
- Suspend all logins that go through Facebook and use alternative login methods such as your email.
- Sign up for services like HaveIBeenPwned.com to give you a heads up and let you know if you’ve been part of a recent breach.
To make Facebook pay for this negligence, regulators, journalists and the #DeleteFacebook movement will need to connect this breach to a tangible threat to our offline lives, or else this attack will fade like the rest of Facebook’s recent scandals. The public will continue to put up with the social network’s privacy issues in exchange for the convenience it bestows.