Threat Highlight: Facebook Data Breach
As you may have heard in the news, just last week hackers gained access to 50 million Facebook accounts. Now, a week after the initial discovery, Facebook is still struggling to explain the exact impact and damage done. Independent researchers believe the damage could extend beyond Facebook’s borders as this breach is a potential back door to thousands of third-party apps.
The way the hackers got in was by stealing access tokens (automated log-in credentials) that enabled them to exploit Facebook’s “View As” privacy feature. These tokens are what allow you to automatically log into other apps and websites without having to re-enter your password. Using one app to log into another may seem quite convenient, but this is a perfect example of how dangerous it can be and why to treat password management seriously.
What has Facebook done?
- Forced those 50 million users to log back into their accounts
- Temporarily disabled the “View As” feature during the ongoing investigation
- Reset the access tokens of another 40 million users as a precautionary measure
What should I do?
Although we still don’t know for sure exactly who or what has been compromised, here are a few precautionary steps we recommend you take.
- Look for unusual activity on any of your accounts.
- Use a password manager. We recently covered this topic on the IT Happens Blog. A password manager will help you maintain unique and highly effective passwords for every site that you visit, without the stress of having to memorize every individual piece of login information. These tools essentially function as a digital safe that will house all of your passwords, keep them secure, and even assist with the creation of stronger options.
- Utilize multi-factor authentication, especially for third-party apps. If possible, opt for physical tokens as they are much safer than emails or text messages.
- Don’t sacrifice security for convenience!
And most importantly, ALWAYS BE VIGILANT!
We preach this from sun up to sun down so it’s nothing new especially to those of you that follow our blog and newsletters. Keeping yourself educated on the latest threats and tactics is key. Phishing does not just happen via email anymore. As hackers continue to evolve and find more ways in we need to stay one step ahead at all times.