50 million Facebook accounts were exposed. Here’s what you can do

SHARE 50 million Facebook accounts were exposed. Here’s what you can do
ap18092589154499.jpg

Facebook says it recently discovered a security breach affecting nearly 50 million user accounts. | AP file photo

Facebook hasn’t revealed a ton about the data breach in which hackers exploited code that couldlet them take over around 50 million user accounts. CEO Mark Zuckerberg explained that the company’s investigation is still in its early stages. But this latest rupture is another bruisefor a company that has already been hammered by a series of privacy and security violations, leading to a Zuckerberg grilling before Congress back in April.

Here’s what we know about this latest attackand what you should do about it:

Facebook says hackers exploited a vulnerability in the “View As” feature, which lets you see what your profile looks like to other people. Attackers were able to steal Facebook “access tokens” or the digital keys that keep you logged into Facebook so that you don’t need to re-enter your password every time you use the app.

The vulnerability apparentlystemmed from a change made in July 2017 in the way video was uploaded on the site, which the social networksays impacted “View As.” Havingobtained such access tokens, the bad guys were able tosteal more tokens.

Facebook says it recently discovered a security breach affecting nearly 50 million user accounts. | AP file photo

Facebook says it recently discovered a security breach affecting nearly 50 million user accounts. | AP file photo

Should I not use View As?

Actually, for now, you won’t be able to use it. While it investigates what happened here and who was responsible,Facebookhas temporarily turned off the feature.

Is my own account safe?

The short answer is you can’t know for sure, but Facebook has taken precautionary steps. On Friday, it forced some 90 million people to log out of their accounts –representing the 50 million it knows were affected, plus 40 million other accounts that took advantage of the View As feature in the last year.

Can I trust Facebook?

That’s a question many among Facebook’s 2.2 billion monthly active users are undoubtedly asking, and it is hard to blame anyone who doesn’t.

After all, this latest breach followsFacebook’s disclosureearlier in the year of an estimated 87 million people who had their profiles scraped and improperly shared with Cambridge Analytica, a political ad-targeting firm. During his testimony beforeCongress, Zuckerberg acknowledged that Facebook can amass data to construct what are being referred to as“shadow profiles” of you, even if you never opted in or joined Facebook.

That’s going to wig some of you out for sure.

Facebook did go to great pains to explain how and why it tracks non-users. You can read about such policies in this blog post from April, which privacy advocate Marc Rotenberg of the Electronic Privacy Information Center called at the time, “a giant surveillance warning label.”

What steps should I take right away?

Facebook claims you won’t need to change your password because of what has happened, but in my view better safe than sorry.

Gary Davis, Chief Consumer Security Evangelist, at McAfeerecommends certainly recommend changing your password – and not only at Facebook, butat Instagram, Twitter and other social media accounts as well.

You hear this all time, but don’t use the same passwords at each place, either, something all too many folks do.McAfee research reveals a third of people rely on the same three passwords for every account they’re signed up to.

Follow other longstanding cybersecurity best practices. For Tyler Moffitt, senior threat research analyst at threat intelligence provider Webroot, such practices include “disconnecting any unnecessary apps or games in social media platforms, making sure two-factor authentication is enabled and never giving out personal or financial information in your profile or private messenger conversations.”

Visit Facebook’s Help Center – click the circled question mark near the top of the screen to get there – near to change your password, implement two-factor authentication (Facebook will ask for a security code if it notices a log-in from an unusual device), or take other steps. Meanwhile, in the Security and Login settings, you’ll see a list of all the places that you log into with your Facebook account; Facebook lets you log out of those places with a single click.

Email:ebaig@usatoday.com; Follow USA TODAY Personal Tech Columnist @edbaig on Twitter

Contributing: Jessica Guynn in San Francisco


The Latest
The shooting happened about 9:15 p.m. in the 3800 block of West Monroe Street.
As gas prices soar, Illinois residents can apply for up to $4,000 in rebates for electric vehicles as part of a new climate-fighting clean energy law.
Since the Los Angeles Sparks won consecutive titles in 2001 and ’02, 13 of the 20 reigning champions didn’t make it back to the Finals; seven returned and lost. One of those seven was Parker’s 2017 Sparks team.
Harris was just in Illinois on June 24 for events in Plainfield and Chicago.
After allowing hits to five of the first nine hitters he faced Friday, Sampson switched to his off-speed pitches and retired 12 of the next 14.