
Was Your Data Accessed in September’s Facebook Hack? And What Should You Do if it Was?

October 14, 2018


September Facebook Hack

While there was a Facebook Hack Hoax going around last week, there was an actual Facebook Hack that took place back in September. Facebook thinks it began on September 14th and was identified as an actual attack on September 25th. Over the next two days, Facebook worked to close the vulnerabilities that the attackers used to steal access tokens for about 30 million Facebook accounts. According to Facebook, a group of hackers used a flaw they found in Facebook’s “View As” feature to steal the access tokens for the affected accounts. The “View As” feature is supposed to be a way for users to check what information others can see about them. It was meant to give users more control over their privacy. For now, Facebook has disabled that feature.

Facebook has reported that the hackers accessed contact information like names, emails and phone numbers for about 15 million users.  And for about 14 million users, they also accessed additional things like gender, religion, location, device info, tagged locations, and pages that the users have liked.  Facebook believes the last one million account tokens stolen were not used.  They said that no data was taken from third-party apps that are linked to Facebook like Instagram, Messenger, etc.

Right now, Facebook reports that you do not have to do anything. You do not have to change your password because no passwords were stolen. The hackers stole account access tokens, which keep users logged in so they do not have to type in their password each time. Facebook reset those tokens when it was working on fixing the vulnerability. You may have noticed that you had to log in with your password in late September.

Facebook has set up a webpage in the Help Center for notifying those accounts that were affected.  You will need to be logged into your Facebook account and then go to the webpage and scroll to the bottom of the page.  There will be a message there letting you know if your account was affected and if it was, it will tell you what was accessed.  Here is the link to the webpage:  https://www.facebook.com/help/securitynotice

If your account was affected, you need to be on heightened alert, because those hackers could use your stolen information against you in phishing attacks by phone and/or email. For those 14 million who had additional data stolen, the hackers can learn a great deal about the user and use that information against them in more sophisticated attacks. Please be vigilant and do not answer emails or phone calls from people you do not know.

There are a couple of things you could do if your account was affected. It would be a good idea to check your last logins to Facebook and make sure those device logins were you and not someone else. You can go to this webpage to check your logins: https://www.facebook.com/settings?tab=security&section=sessions&view. If you see any logins that are not you, click the three dots at the far right of the entry and click Not You or Logout. You can also scroll down a little further and take a few more precautions. You can turn on Alerts about unauthorized logins. Facebook will then notify you of any logins on any new devices. You should also check your Authorized Logins. These are the devices that are currently logged in and do not need a login code. Remove any you are no longer using. You could use Two-Factor Authentication, but I am not sure you should give Facebook your mobile number. Read this article to see my reasoning: https://gizmodo.com/facebook-is-giving-advertisers-access-to-your-shadow-co-1828476051

If you would like to know all the data that Facebook has about you, you can download a copy of the data.  Here is an article with the instructions:  https://www.cnbc.com/2018/03/23/how-to-download-a-copy-of-facebook-data-about-you.html .

If after reading all this, you decide you just want to delete your Facebook page, here is an article to help you delete your account and all the data on your page:  https://www.cnbc.com/2018/04/04/how-to-delete-everything-facebook-knows-about-you.html

Facebook is still investigating the attack and said that the FBI is also investigating.  Time will tell what will come of this latest Facebook Hack.  Somehow I lucked up.  My account was not one of the millions affected.  How about you?  Was your Facebook account one of the unlucky ones?  Let us know in the comments below as well as if you are going to keep or delete your Facebook account.
