A cybersecurity expert is calling the latest Facebook security breach “among the worst kinds out there”.
On Friday, Facebook announced it had discovered a security issue affecting almost 50 million accounts.
It said hackers exploited a vulnerability affecting its “View As” feature, which lets you see what your profile looks like to someone else.
David Shipley, CEO of Beauceron Security in Fredericton, said the attackers stole “access tokens” — digital keys which keep people logged into Facebook.
“Attackers were able to generate these tokens by going to people’s profiles without putting in the username and password,” Shipley told our newsroom, adding they could then hijack the accounts and capture personal information or use them for scams.
If you’ve been logged out of your account and asked to sign back in, it’s because we’ve discovered a security issue and are taking immediate action to protect people on Facebook. Learn more https://t.co/XLcHGYFBu2
— Facebook (@facebook) September 28, 2018
Facebook said the hackers may also have accessed third-party apps that let you use your Facebook login instead of creating a separate account.
The company has reset the affected access tokens and 40 million others as a precaution, meaning those people will have to log in again.
Shipley said this is a good time for all users — even those not affected by a breach — to create a new, unique password.
“Even these giant services can be breached,” Shipley said. “If you reuse a password and they have incidents like this — and right now, they’re saying it’s just the token but it could have been worse — that it’s really easy for attackers to take your email or your identity and try that in every online service.”
If you are worried about trying to remember all of those passwords, Shipley recommends using a password manager like LastPass.