Facebook revealed that it suffered a serious data breach affecting the account login information of 50 million Facebook users. Facebook CEO Mark Zuckerberg and Facebook COO Sheryl Sandberg were also on the list of affected users.
Facebook said in a web post that the security issue was related to the “View As” feature, which allows people to see a preview of what their profile looks like to other people.
This allowed the hackers to steal Facebook “access tokens” which they could then use to take over people’s accounts. Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app.
Facebook CEO Mark Zuckerberg called the attack “a serious issue” in a call with reporters. “We don’t know if any (Facebook) accounts were actually misused,” he added.
Facebook said that it’s still investigating the extent of the security breach and it’s temporarily disabling the “View As” feature.
Things to Do After the Breach
The social networking giant said that it had reset all the access keys for affected users and that those users would have to log back into their accounts.
Change your Password
Facebook said that it had fixed the vulnerability; there is no need to change your password. But if you received the security update and are using a weak password, or were notified of a suspicious device logged into your account, then you must change it to a complex combination of numbers, letters and special characters.
Turn on Two-Factor Authentication
This is a special feature that sends a unique code to your phone by text message, which you must type in after entering your Facebook password. This way, even if someone gained access to your password, it would be difficult to log in without that code.
Check Improper Access
To determine whether someone has gained improper access to your account, first log in to your Facebook account and go to Settings. Then go to the “Security and Login” feature and look at “Where You Are Logged In,” where you can see a list of devices that are signed into your account, as well as their locations. If you see an unfamiliar gadget or a device signed in at an odd location, you can click the “Remove” button to boot the device out of your account.