Your Facebook account may have been hacked this week. The social networking giant said on Friday "nearly 50 million accounts" were compromised, a discovery that its engineers made on Tuesday. Here's what you need to know.
According to Facebook, "attackers exploited a vulnerability in Facebook's code that affected View As, a feature that allows users to see what their own profile looks like to someone else." The attackers are said to have stolen Facebook access tokens, which they then used to take over people's accounts.
What is an access token?
An access token keeps you logged in to Facebook, so you do not have to enter your password every time you visit the website or app. If an attacker has your token, he or she has access to your account.
Was my account hacked?
Probably not. While 50 million sounds like a large number, it is a small percentage of the more than two billion active Facebook accounts. If you go to your Facebook page and do not need to log in, your account is safe: it was not compromised. If you go to your Facebook page and find that you are logged out, your account may have been compromised.
In response to the discovery of the attack, Facebook reset the access tokens of the 50 million accounts that were compromised. These users must enter their password to log in again. As a precaution, Facebook has also reset access tokens for another 40 million accounts belonging to users who have used the "View As" feature over the last year.
If your account was affected, Facebook will notify you in a message at the top of your news feed when you log in again to explain what happened.
Facebook temporarily disabled the "View As" feature during its review.
Did Facebook fix the breach?
According to Mark Zuckerberg himself, "we patched the vulnerability to prevent this attacker or anyone else from stealing additional access tokens." However, the company still does not know who is responsible for the attack.
I'm still nervous. Should I change my password?
Facebook says you do not need to change your password, but it would not hurt to choose a new one. After all, the Cambridge Analytica fiasco turned out to be worse than Facebook had originally assumed or admitted.
You can also simply sign out of your Facebook account and sign in again without changing your password. This simple action will reset your access token, which should address any immediate concerns while we wait for Facebook to reveal more information about the attack.
To log out of Facebook on all your devices, go to the Security and Login page, and in the "Where you are logged in" section, click More and then click Log out of all sessions.