A creative-led integrated marketing agency

Were you affected? Should you be worried?


Facebook recently made public that, due to a security glitch, 50 million Facebook accounts were compromised; meaning that hackers had full access to these accounts and any other services and apps that these accounts were linked to. Facebook currently has 2.23 billion active users and they have already taken steps to fix the problem. Therefore, if your account hasn’t been compromised you needn’t worry too much, but for your own safety it’s probably a good idea to at least change your password!

How did it happen?


A glitch (or two) in Facebook’s code (Matrix?) originating from changes made to video upload features in July 2017 provided hackers with a means to steal Facebook access tokens, which could then be used to take over people’s accounts. Access tokens are what your web browser uses to allow you to stay logged into your Facebook. Apparently the issue went unnoticed until the recent breach. The hackers exploited a vulnerability in Facebook’s code relating to the ‘View As’ feature that lets users see how their profiles would appear on other people’s screens. Only users who used the feature were vulnerable to the attack. 




What was the motive?


What is the motive of any hacking? Financial gain, one-upmanship, boredom or something like that, probably. More important than motive however is that, if hackers gained access to your account by retrieving an access token, they would have had full login and access rights to your account and any apps or services that you might have linked to it.

How to know if you were a victim?


Well, it’s difficult to know for sure if your information was compromised but Facebook did reset the access token for the 50 million users who were affected by the breach along with another 40 million accounts that had used the ‘View As’ feature in the past one year. So, if you were forced to manually log into your Facebook account on or about Friday, September 28 2018, then it’s highly likely that your account was compromised or at least at risk. Facebook has also temporarily disabled the ‘View As’ feature until a proper security review is conducted.


What to do if your account was compromised?


The first step would be to change your password. In fact, it’s great if everyone changes their passwords from time to time. Facebook is yet to determine whether the affected accounts were misused or if their personal information was accessed. Still, it’s best to assume the worst. You’ll also do well to check all linked apps and services and reset their permissions too (by logging out and then back in) and check your account(s) overall to ensure that nothing looks out of the ordinary.

Should you be worried?


It may seem alarming to think that 50 million accounts have been hacked but don’t fall prey to hysteria. Facebook has 2.23 billion active users, which in this instance means that only 2.25% of all accounts were affected, which in turn is a 97% + chance that yours wasn’t. Now, Odds of 97% that your account will remain secure is pretty darn good in the grand scheme of things, so fear not! After all, nothing is ever 100% secure.


Still, to ensure your safety online, do avoid posting sensitive and compromising information on Facebook or any social media platform. As an added measure, avoid logging into important services or apps with your Facebook or Google credentials. It may be easier and relatively secure when compared to creating a separate account but it can increase your chances of being compromised in a situation like this.


What about accountability?


Holding Facebook accountable is essential to ensuring that they maintain security standards. Governments are doing their part; Zuckerberg was hauled up in front of the US Congress to answer for the Cambridge Analytica scandal and the EU’s GDPR Laws could see Facebook being fined as much as 1.63 billion dollars over this recent security breach. But more importantly, users should call on Facebook and other services through every channel available to be accountable and to uphold reasonable standards for information and data security.

Were you affected by the Facebook breach? Do you know anyone who was? Share your thoughts with us in the comments.

Please enable JavaScript in your browser to complete this form.