It’s time to change your passwords again.
Facebook announced Friday its security team had discovered a vulnerability affecting 50 million users. “We are taking it really seriously,” Facebook chief executive officer Mark Zuckerberg said in a statement.
“This allowed [the attackers] to steal Facebook access tokens which they could then use to take over people’s accounts,” Facebook said in a statement. “Access tokens are the equivalent of digital keys that keep people logged into Facebook so they don’t need to re-enter their password every time they use the app.”
‘We are taking it really seriously.’ Facebook CEO Mark Zuckerberg
People affected have been automatically logged out of their accounts and will get a notification at the top of their News Feed alerting them they were hacked, a spokeswoman told MarketWatch. Anyone who has a Facebook account — whether they have been alerted they were compromised or not — should change passwords, said Emmanuel Schalit, chief executive officer of password manager Dashlane.
“Because the extent of the hack is unknown, we recommend that everyone with a Facebook account updates their Facebook password, as well as any similar passwords that they use for other online accounts,” he said. “Each of your online accounts should have a unique, complex password — this is especially true of accounts that contain sensitive personal information like social media accounts, banking accounts, and email accounts.”
Security experts suggest using a password manager to lock down accounts and, in cases like these, users can run it through an automatic password reset. Users should also disconnect any third-party apps with access to Facebook data.
Some security experts say Facebook responded well to the hack, immediately notifying users and law enforcement. There are several measures every Facebook user should currently be taking, said Theresa Payton, chief executive officer of security consulting company Fortalice Solutions.
Do these 4 things today:
• Look for suspicious activity
• Out of abundance of caution log out and reset password
• Turn on two-factor authentication
• Use a new email address with the account
This is a privacy road-bump for Facebook, which has been embroiled in a number of scandals in the past year, including revelations that the personal data of 50 million users had been used to influence the 2016 U.S. Presidential election.
This major hack shows a need for better security for social media giants, said Jacob Serpa, product marketing manager at cloud security company Bitglass. “There can be zero tolerance for error when a company handles the personally identifiable information of 2.2 billion active monthly users.”
“The fact that Facebook allowed hackers to exfiltrate the private details of 50 million users is likely to have a detrimental effect on the company’s reputation for quite some time,” he said.
Get a daily roundup of the top reads in personal finance delivered to your inbox. Subscribe to MarketWatch's free Personal Finance Daily newsletter. Sign up here.