When did the hack happen?
Facebook discovered the breach on 25 September, when it noticed unusual traffic on its servers.
During the investigation, it found a large-scale campaign to steal the data of millions of Facebook users that had been ongoing since September 16.
How did hackers get in?
Hackers exploited the vulnerability to steal secret access tokens, allowing them to log into about 50 million people's Facebook accounts.
Access tokens let users stay logged in to Facebook without re-entering their password every time they use the app.
According to reports, three flaws in Facebook combined. The first: when a profile was accessed through the "View As" page, it still offered the option to upload a video on certain posts (the feature that lets users post birthday wishes to their friends).
The second flaw is that the video uploader incorrectly generated an access token, one carrying permission to log in to the Facebook mobile app.
The third flaw is that this token was issued for the user being looked up, not for the viewer, so an attacker could take the token and gain access to that user's account.
With this token, attackers can pull data from the account through the API without knowing the login credentials.
These access tokens are also used for single sign-on, where one account is used to log in to others: users can log in to third-party apps with their Facebook account. A stolen token therefore puts those third-party apps at risk as well.
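The flaw described above is one of token binding: the token minted in a "View As" context named the viewed user rather than the authenticated viewer. The following is a constructed toy model added here, not Facebook's code, showing the flawed issuance beside the fixed one, plus the kind of mass token reset Facebook performed (the token format, the `now_ns` parameter and all function names are assumptions):

```python
import hashlib
import hmac
import secrets
import time
from typing import Iterable, Optional

# Constructed toy model, not Facebook's code: a token is
# "<subject>.<issued_ns>.<hmac>", signed with a per-process random key.
SIGNING_KEY = secrets.token_bytes(32)
# Per-user revocation watermark: tokens issued before it are invalid.
REVOKED_BEFORE_NS: dict[str, int] = {}

def mint_token(subject_id: str, now_ns: Optional[int] = None) -> str:
    """Mint a token acting as subject_id; now_ns is injectable for tests."""
    issued = str(now_ns if now_ns is not None else time.time_ns())
    payload = f"{subject_id}.{issued}".encode()
    sig = hmac.new(SIGNING_KEY, payload, hashlib.sha256).hexdigest()
    return f"{subject_id}.{issued}.{sig}"

def issue_for_view_as_vulnerable(viewer_id: str, viewed_id: str, now_ns=None) -> str:
    """Flawed: the token is bound to the profile being viewed, so the viewer
    walks away with a token that acts as that other user."""
    return mint_token(viewed_id, now_ns)

def issue_for_view_as_fixed(viewer_id: str, viewed_id: str, now_ns=None) -> str:
    """Fixed: the subject is always the authenticated viewer, whoever is viewed."""
    return mint_token(viewer_id, now_ns)

def revoke_all_tokens(user_ids: Iterable[str], now_ns: Optional[int] = None) -> None:
    """Model of a mass reset: every token issued before the cutoff is invalid."""
    cutoff = now_ns if now_ns is not None else time.time_ns()
    for uid in user_ids:
        REVOKED_BEFORE_NS[uid] = cutoff

def verify_token(token: str) -> Optional[str]:
    """Return the subject if the signature is valid and the token is not
    revoked, else None. Subjects may contain dots, hence rsplit."""
    try:
        subject, issued, sig = token.rsplit(".", 2)
    except ValueError:
        return None
    payload = f"{subject}.{issued}".encode()
    expected = hmac.new(SIGNING_KEY, payload, hashlib.sha256).hexdigest()
    if not issued.isdecimal() or not hmac.compare_digest(sig, expected):
        return None
    if int(issued) < REVOKED_BEFORE_NS.get(subject, 0):
        return None
    return subject
```

The verifier accepts the vulnerable token as the viewed user, which is exactly what makes a leaked token usable against the API; the fix changes only which identity the token names.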
What data was compromised in the breach?
The exposed data includes your personal information, private messages, photos and videos. It is still not clear exactly what data the hackers accessed. Facebook confirmed that the breach did not expose user passwords.
What are the security measures taken by Facebook?
Facebook has reset the access tokens for 50 million accounts, logging those users out. They have to log back in to access their accounts.
As a precaution, Facebook has also reset the access tokens for another 40 million accounts that had used the View As feature.
The company suspended access to more than 400 third-party apps after an audit of the thousands of outside apps connected to Facebook.
The company has also disabled the "View As" feature temporarily until the investigation is complete.
How will you know whether your account was affected by the breach?
All users affected by the breach will be logged out of their accounts automatically and need to log back in. Affected users will also see a notification in their news feed about the incident.
Users can also check for unauthorised access by reviewing the active sessions on their account.
In Settings, open Security and Login, where you will see the option Where You're Logged In. Check for any logins you don't recognise.
What preventive measures should Facebook users take?
- Review the security and privacy settings of your Facebook account (https://www.facebook.com/settings)
- Check "Where You're Logged In" to see all devices logged in with your account.
- Change the password for Facebook and other online accounts
- Enable "Use Two-Factor Authentication"
- Enable "Get alerts about unrecognized logins"
- Check which devices are listed under "Authorized Logins"