By Daniel Brouse
In late September, Facebook acknowledged having 50 million accounts hacked; however, Facebook has not been forthcoming with answers or a response. To the best of our knowledge, Facebook has not notified any of the victims. Facebook said, “On the afternoon of Tuesday, September 25, our engineering team discovered a security issue affecting almost 50 million accounts.”
CNN reported, “On Sunday, September 16, engineers at Facebook detected some unusual activity on the social media platform’s networks. It was an attack, the biggest security breach in Facebook’s history. And it would take the company 11 more days to stop it.
Now, almost a week since the public was first told of the attack, we still barely know anything about what happened.”
The hackers were able to use a Facebook feature (“View As”) to access any account that was left logged in (typically on cell phones, iPads, etc.).
Within a week, a viral “hoax” was used to exploit a known vulnerability in the Facebook Messenger app. The Facebook Messenger app has never been secure. The app is different from the messenger feature on the computer version of Facebook. The insecure app is a separate app that is installed on phones and similar devices. The Facebook Messenger app should be uninstalled and not reinstalled. Only use Facebook Messenger when logged on through a computer that does not use the app.
The viral hoax is probably part 2 of the hack. If you are getting the messages, it’s likely you have been hacked and are sending the hoax to yourself. The messages serve to further verify your account for the hackers, as well as to spread the breach through a known Facebook Messenger app exploit.
Less than 1% of the messages are sent by humans. If you are getting the messages from people on your friends list, your friends list was more than likely compromised.
About the 50 million accounts that were hacked, the FTC recommends:
Facebook recently announced the largest breach in the company’s history. The breach affected about 50 million users, allowing hackers to take over their accounts. If you use Facebook, you may be wondering what to do next. Here are a few steps you can take.
First, you probably want to know more about the breach. According to Facebook, the attackers took advantage of a weakness in the “View As” feature, which lets people see what their profile looks like to others. The hackers stole digital keys that keep you logged in to Facebook so you don’t need to re-enter your password every time. Facebook says they’ve fixed the vulnerabilities and reset digital keys on 50 million affected accounts, plus an additional 40 million accounts that used the “View As” function.
To better protect yourself after this breach:
- Watch out for imposter scams. With access to your Facebook account, hackers can get a lot of information about you. That information could be used to impersonate people you know or companies you do business with. If someone calls you out of the blue, asking for money or personal information, hang up. Then, if you want to know for sure if the person calling you was really your family member or was really from a company you know and trust, call them back at a number you know to be correct before you give any information or money. And remember: anyone who demands that you pay by gift card or by wiring money is scamming you. Always.
- Consider changing your password. Facebook says that it fixed the vulnerability, so there’s no need to change your password. But, to be safe, log in and change your password anyway. If you use the same password other places, change it there, too. Don’t forget to change your security questions, as well – especially if the answers include information that could be found in your Facebook account.
For more information about what to do after a data breach, visit IdentityTheft.gov/databreach and watch the FTC’s video on What to Do After a Data Breach.
If you learn that someone has misused your personal information, go to IdentityTheft.gov to report identity theft and get a personal recovery plan. Because recovering from identity theft – and data breaches – is easier with a plan.