Roughly one month ago, social media giant Facebook, announced a breach that may have impacted up to 50 million of their users. The company believes that attackers used the Facebook developer APIs to obtain user information commonly found in bios, like:
The New York Times also indicates that the breach may have allowed hackers to gain access to applications that user’s sync with their Facebook profile like Spotify or Instagram. And while Facebook said it’s unlikely private messages or credit card information was accessed in the breach, it’s still wise to be cautious and take additional security measures if you use the social media platform.
How to tell if your Facebook was affected
Facebook has announced they intend to alert users if their accounts were hacked. If you noticed an alert at the top of your news feed sometime in the last month, you already know you were compromised.
If you haven’t been alerted, you can take a manual approach to see if your account was apart of the breach. Consider the following ways to tell if your profile was one of the 50 million hacked accounts.
Do you use the ‘View As’ feature?
Ironically, the “view as” feature Facebook built was meant give users more control over their privacy. Yet, it has been pegged as the culprit in this attack.
The ‘view as’ feature shows which pieces of information your friends (or the general public) can see on your Facebook account. Facebook updated the feature in July 2017, and though the breach wasn’t discovered until a spike of unusual activity popped up on Facebook’s radar in September, it’s assumed the vulnerability has been present since the initial update.
Following that logic, if you’ve used the ‘view as’ feature in the last six months to a year, it’s likely your account was targeted.
Were you automatically logged out of your Facebook account?
After Facebook identified which access tokens (or accounts) were affected in the breach, the company automatically logged roughly 90 million users out of their accounts to stop hackers from falsely accessing user information.
If you were forced to re-enter your password around September 28, there’s reason to believe your account was one of the 50 million breached.
Do you know how to check your device log?
If you fear your account was compromised but weren’t automatically logged out by Facebook, or alerted, you can check for yourself. Go into your account settings to see the sign-in activity by a device and location. The exact path to follow is: Settings > Security and Login >Where You’re Logged In.
This should show if there are any unfamiliar devices or locations associated with your account.
What to do to Protect Yourself Now, and in the Future?
It’s still unclear who was behind the attack, or how users’ information is being used. But, as a precaution make sure to continue checking in on your account activity.
After a scare such as this, it’s a great idea to change all of your passwords, especially if you use the credentials for multiple accounts.
The easiest way to create secure passwords is through EZPD. Let our proprietary software create complex strings of symbols, characters, and numbers to ensure your passwords meet proper strength requirements. Then, let EZPD regenerate your passwords so you don’t need to worry about storing your information in the cloud, or in a way that can make your data vulnerable.