On Tuesday September 25th, Facebook’s VP of Product Management Guy Rosen posted about a security breach directly affecting over 50 million accounts. Read on to see how you are affected.
Hackers used the “View As” feature to steal encryption keys to log into 50 million Facebook accounts. These encryption keys are saved in your browser window so you remain logged into your account and don’t have to retype the password each time.
The issue stems from a change made to video uploading in July 2017, so it’s possible the hackers have had access for a while. Facebook fixed this breach last Thursday, September 28th.
What does this mean for you?
Facebook reset the encryption keys of these 50 million accounts, plus an extra 40 million accounts that have used the “View As” feature in the past year, to ensure there’s no malicious activity left on the platform.
This means if you were affected and use automatic sign-in, you should have been logged out.
If affected, you’d be greeted with a message on sign-in explaining “An Important Security Update”. Facebook hasn’t specified the scope of the breach, saying they need to investigate before commenting further.
However, hackers with access to 50 million accounts definitely had access to personal information. Also, applications connected to Facebook, like Instagram, Messenger, or Spotify, would have been breached if your accounts are linked.
Facebook has already contacted the authorities and patched the breach. They’ve also temporarily disabled the “View As” feature while they investigate.
Precautionary steps to take:
- Sign out of your Facebook account on all devices. Signing out manually will reset the stolen encrypted account tokens so the hackers will no longer have them.
- Change your Facebook password via the steps below:
  Settings > Security & Login > “Edit” next to Change Password > Save