What do you need to do about the recent Facebook security breach?
Credit to Author: Alex Perekalin| Date: Fri, 28 Sep 2018 20:50:27 +0000
What you need to do about the recent Facebook security breach:
- Nothing.
What you DON’T NEED to do about the recent Facebook security breach:
- Don’t rush to change your password. Passwords were not affected during that breach, they’re safe and sound.
- Don’t panic. Even if you found yourself logged out of Facebook for some reason. That means that Facebook thinks you’re probably affected and they’ve reset the authentication token for you so that nobody but you could gain access your account. So if nothing bad has happened before, now your account is safe. You’ll need to rel-ogin entering your password and 2FA code (if you have enabled it), but that’s all.
- Don’t delete your Facebook account. Well, of course you can always do that, but this breach is not the reason to be worried too much.
Here’s what actually happened
On September 28, Facebook published a security update, describing the fact that the company’s engineering team has discovered a security issue affecting almost 50 million accounts. The security issue means that somebody has performed a rather sophisticated attack that allowed them to steal 50 million user access tokens.
An access token is, as Facebook itself describes it, basically a key to your account. If a person has it, Facebook considers that person authorized to enter that account and doesn’t request entering login and password and 2FA codes. So, having stolen 50,000,000 user access tokens, the malefactors could potentially access those 50,000,000 accounts. But that doesn’t mean they got access to your passwords or somehow broken two-factor authentication mechanism. Your password is secure and 2FA is still working as intended. But stealing a token is a way to bypass these defenses.
Facebook explains that investigation of the incident is in the very early stages, but for now they suspect that somebody found a vulnerability in their “View as somebody” feature and exploited it, gaining access to 50 million account tokens. That’s why they have turned the feature off, reset the user authentication tokens for those accounts and are in the process of resetting those tokens for another 40 million users who have used this feature last year. The last part seems to be more like a precaution, but now they are in a situation when they can’t have too much security.
If the token is reset, that means that a person who has it can no longer access the account this token is issued for and they need to login again. The malefactors don’t have your login or password, and that means they can no longer login pretending to be you (even if you were among the affected people).
Facebook promises to update their post once it’s clear what exactly has happened and whether any of the affected accounts were somehow misused, but for now we suggest doing what we have described in the beginning of the post: nothing. There’s literally nothing you could do at the moment, so don’t panic. When the situation clears up some more, we’ll come up with more detailed instructions in case if there is actually something that you can do.