When it comes to user’s data security and hacking, the last couple of years were a bit of a nightmare for Facebook. First, it was the Cambridge Analytical scandal, revealing that Facebook allowed the personal information of its users to be harvested and used by third parties, without the user’s content. Now, Facebook said that 50 million accounts have been hacked.
According to Facebook engineers, the hackers exploited a feature called “View As? that lets people to see how their profile looks like to others. A vulnerability in the code of this feature allowed hackers to steal the so-called “Facebook access tokens? which they used in order to take over people’s accounts.
The Facebook access tokens keep users logged into their Facebook accounts without the need to enter their password each time they want to use the social media service. After the attack was discovered, Facebook reset the access tokens for the 50 million accounts that were hacked and, as a precaution, to some additional 40 million accounts that used the “View As? feature in the last year.
Facebook says that some of the users had only their name, email address and phone number hacked. For others, it was a lot more data: information in the biography (gender, age, language, relationship, religion, education and so on), workplace, devices used to access Facebook, places they checked in, people or pages they follow and much more. So, it’s a treasure trove of data that could easily be used by hackers to basically steal a person’s identity. Depending on how much you use Facebook and what type of data you share on the social media network, this hack could potentially pose a very serious risk that should not be minimized.
How to find out if your account was hacked and what to do about it
First, the good news: there’s actually a pretty small chance that your account was hacked. 50 million accounts sound like a lot but, considering the fact that Facebook has two billion active users, the proportion of hacked accounts is rather low: only 2.5%. However, better safe than sorry, so here’s how to make absolutely sure that your personal information is safe and sound and not in the hands of hackers:
- Go to this Facebook page while logged into your account. It’s a security update page set up by the social media giant after the incident. You’ll find a lot of details about the hack and the Facebook’s security measures, but the most important piece of information is at the bottom of the page, where you’ll find a Yes or No answer to the “Is my Facebook account impacted by this security issue??
- If your account was hacked, Facebook supposedly already sent you a warning atop your News Feed. However, this types of events are always developing over a longer period of time and the companies are not always disclosing all the details. So, even if you didn’t get the notification, you should check the security update page listed above and, at the very least, you should log out of your Facebook account on all your devices, then log in again. This way, Facebook will generate a new set of access tokens for your account.
- Check “Where you’re logged in? feature from “Security and Login? in Settings. A list of all the devices that you’ve used to access Facebook will show up. If you don’t recognize one of the devices, select “Not You? on the right side of the log, then click “Secure Account?. If you see devices and locations you definitely didn’t use, it’s a clear sign that your account was hacked.
- According to Facebook, users passwords and credit card info were not accessed during the hack, so, in theory, you don’t need to change that. However, if the Facebook security update says that your account is one of those that were hacked, you should change your password for at least the social media site. Better yet, update the password for your email account also.
- Be aware that you and your family might become targets for phishing attempts. Your phone number and email address could have been sold to shady businesses or to con men. Watch out for suspicious phone calls, messages and emails. There are many ways in which your personal information could be exploited: for example, by using details from your account, someone could contact your elderly parents and convince them you’re in trouble and you need money. If you have family members that are not well-versed on social media and Internet, let them know they should always ignore those type of calls, messages or emails and to contact you directly instead.
- If you get emails that look like they are from Facebook, make sure they really are from the social media company by accessing this link. Even if the hackers didn’t get a hold of your account, they could be using your name and email address to steal your data.
- Contact your bank and add additional security layers to your account. Your bio data can easily be used to get passed the security questions associated to your bank accounts, making it easier for hackers to steal your money.
- Think of all your online of offline accounts (email addresses, bank accounts, subscriptions and so on) where you used bio details that can be found on your Facebook account as security questions. Make sure that you update the security questions with information that can’t be found online for the ones that are important.
- If your work email was connected to your Facebook account, contact your company’s IT department and let them know that your account might have been hacked.
- Thinking that you’re safe if nothing wrong happened until now is wrong. Hackers might not be interested in using your data. It’s impossible for them to use all the data they stolen. They will probably sell it, and they could do that multiple times, to different entities, years from now. If your account was hacked, and Facebook confirms it, it’s essential that you take safety measures.
How to keep your Facebook account from being hacked in the future
Well, to be completely honest, you can’t 100% protect your Facebook account or any of your online accounts from hacking. Unfortunately, hackers are very inventive people and they will keep finding ways to steal information, even as companies and individuals are paying more and more attention to safety measures. However, there are many ways to improve the security of your Facebook account:
- Go to your Facebook account settings and turn on login alerts. This way, you’ll receive notifications when someone tries to log into your account.
- Select two-layer authentication for your Facebook account (and do the same with all the apps and websites that have this option).
- Another safety option Facebook offers is to select trusted accounts to help you unlock your account if it’s hacked. You can choose three to five trusted accounts that can send you a code and an URL from Facebook if you were locked out of your account.
- Exercise your common sense about the type of information and photos you should post and share online. Sometimes, that’s the best, most efficient precaution you could take!