Last week, Facebook found a vulnerability in its code that allowed hackers to access personal information from 50 million users. The hole, which was in the feature that shows how your profile looks to others, has been closed. And it was indeed misused.
“It is clear that hackers have misused a vulnerability in the Facebook code around the ‘View As’ function that shows people how their profile looks for someone else,” says a blog post from the social network site. “This allowed them to steal Facebook access tokens that they could then use to take over people’s accounts.”
“Access tokens are the equivalent of digital keys that keep people logged in on Facebook so they do not have to enter their password every time they use the app,” it says. The company temporarily disabled the ‘View As’ feature and reset the access tokens of the 50 million affected accounts, plus another 40 million accounts for which a ‘View As’ look-up was performed last year.
Facebook makes it sound as if there is little more you can do yourself. But there are some precautions you can take:
1. Check registered devices
The best way to figure out whether someone else has access to your account is to check which devices have logged in. The function can be found on the ‘Security and registration’ page under the tab ‘Where you are logged in’, where you can see every device that has been used and its location. Spotted an unknown device or an unusual location? Click ‘Sign out’ to kick the device out of your account.
2. Change your password
Facebook says that it has fixed the vulnerability, and that it is therefore not necessary to change your password. But if you really want to sleep soundly, it can never hurt, especially when your old password is rather weak. Preferably do not use an existing word, but a complex password, including numbers and special characters, that you do not use on other sites.
Are all those passwords driving you crazy? Then you might want to consider a password management app such as 1Password or LastPass, which keeps all your passwords in a digital vault that you open with a single master password. Of course, that one must be very strong.
3. Enable two-step verification
Like many sites, Facebook offers two-step verification, a security feature that asks for a special login code when someone tries to access your account from an unknown computer or mobile device. Facebook then sends you an access code, so that someone who has only your password can hardly get into your account. It is also possible to use a verification app from another company, such as Google Authenticator or LastPass.
The feature also allows you to confirm each login attempt or receive alerts when someone tries to log in from a computer that Facebook does not recognize.