Last week, Facebook was forced to log out more than 90 million users from their accounts in response to a massive data breach the Facebook security team uncovered.
The team identified unusual traffic spikes on its servers that started back on September 16. The access tokens of 50 million Facebook users where siphoned off, allowing the attackers to use that key in replay attacks to take over victims’ accounts.
No passwords were leaked, but any third party apps that are using Facebook’s service to authenticate might have been at risk (such apps will include Instagram, Tinder and Spotify).
Facebook with the help of the FBI are still investigating the issues. So far it’s unclear who perpetuated that attack and if specific countries or people were targeted.
According to some reports, Facebook faces a potential $1.63 billion fine in Europe unrelated to the previous Facebook/Cambridge Analytica data scandal case.
If you have been logged out from your account last week, don’t worry unduly. It was for Facebook to regenerate your access token after they have fixed the vulnerability issues. The usual “change your password and use a stronger password” advice is not applicable here − in fact you don’t even need to change your password at all.
To check whether you have been compromised requires a little work. You have to look up your connection history and identify suspicious sessions. To do so, from your “Account Settings”, go to “Security and Login” and review the entries in “Where You’re Logged In” section. From there, you can take action and revoke malicious entries.
Millions of people have already quit and deleted their Facebook accounts after their recent data leak issues. This latest incident will for sure encourage more fence sitters to follow suit.