2018 Facebook Hack: What You Need to Do Right Now


2018 Facebook Hack: What You Need to Do Right Now is a post by Cory Gunther from Gotta Be Mobile.

Facebook hasn’t had its best year in 2018. This week the company revealed a large hack that could potentially compromise the data of over 50 million users. If you’re wondering what you should do next after the Facebook Hack in 2018, here’s what you need to know.

On September 25th, Facebook found the breach, suggesting that attackers used a vulnerability in the “View As” feature, which allows you to view your profile the way others see it. Then, the hackers stole account access tokens.

So what are Facebook access tokens, how can you find out if you’re affected and what should you do next? We have you covered.

  • Facebook announced a security exploit earlier this week that affects over 50 million users.
  • As a precautionary measure, 90 million users will automatically be logged out of their account and have to log back in manually.
  • Facebook claims passwords were not compromised.

If you were asked to log back into Facebook the last time you opened the app or website, your account probably got hacked. The company automatically logged out around 90 million accounts this week. That includes the app, the website, and any third-party apps or services.


It’s not all bad news though. So far, Facebook claims the hackers didn’t steal passwords, but they’re still investigating the situation. They’re also unsure of exactly what the hackers stole, or how compromised those 50-90 million accounts actually are. Facebook said it only affects 50 million accounts, but they cleared out an additional 40 million just in case.

That said, Facebook already fixed the vulnerability, so that’s a plus.

What Are Facebook Access Tokens?

Long story short, access tokens are unique strings of numbers used to identify individuals, apps or Pages on Facebook. They’re also something that third-party apps and services use to access your Facebook page and information. Basically, they are digital keys so you don’t have to re-enter your password every time you use the app.

The hackers accessed at least 50 million access tokens from Facebook user accounts. However, Facebook cleared an additional 40 million accounts that used the “View As” feature within the last year. So while that’s good news, it’s also a bit nerve-racking, mainly because they don’t necessarily know how many got compromised, or what all happened.

Facebook Hack: What To Do Next

Either way, this isn’t good news. So while this story is still developing and Facebook works with the FBI to investigate, you can take steps right now to secure yourself and your account.

According to Facebook, you don’t have to change your password, as passwords weren’t compromised. That said, we recommend you change it anyway or at least follow a few of the steps outlined below, especially if you use the same password across multiple accounts or services, or if it’s a simple password.

Log Yourself Out Everywhere

As a precautionary measure, Facebook says you can log out of Facebook everywhere. That means the app, website, browsers, third-party services, add-ons and more. Log out of everything, change your password, and start over. We’re recommending everyone does this first.

Go to the Facebook Login & security section in settings. This will list any place or service where you’re logged into Facebook. Basically, where those access tokens are being used. You can log out one at a time, or the company even offers a one-click option to log out of them all at once.
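
A minimal model of the access tokens described above and of what logging out everywhere does to them, as an added example that is not from the original post and is not Facebook's code. The `TokenService` class, its methods, and the user and device names are hypothetical, and the fact that a password change leaves existing tokens valid is an assumption of this model, not a statement about Facebook.

```python
import hashlib
import hmac
import secrets


class TokenService:
    """Toy session store, constructed for illustration; not Facebook's design."""
    def __init__(self):
        self._passwords = {}  # user -> (salt, password hash)
        self._tokens = {}     # sha256(token) -> (user, device)

    def set_password(self, user, password):
        salt = secrets.token_bytes(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        self._passwords[user] = (salt, digest)  # note: tokens are left untouched

    def login(self, user, password, device):
        """Check the password once, then issue a bearer token for this device."""
        salt, stored = self._passwords[user]
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        if not hmac.compare_digest(stored, digest):
            raise PermissionError("bad password")
        token = secrets.token_urlsafe(32)
        # Store only a hash, so a leak of this table yields no usable tokens.
        self._tokens[hashlib.sha256(token.encode()).hexdigest()] = (user, device)
        return token

    def whoami(self, token):
        """A valid token is accepted as the user; no password is requested."""
        entry = self._tokens.get(hashlib.sha256(token.encode()).hexdigest())
        return entry[0] if entry else None

    def logout_everywhere(self, user):
        """Revoke every token issued to the user; return how many were revoked."""
        stale = [k for k, (u, _) in self._tokens.items() if u == user]
        for key in stale:
            del self._tokens[key]
        return len(stale)


def demo():
    svc = TokenService()
    svc.set_password("alice", "old-password")
    copied = svc.login("alice", "old-password", "phone")  # stands in for a leaked token
    svc.login("alice", "old-password", "laptop")
    svc.set_password("alice", "new-password")  # password change alone
    before = svc.whoami(copied)                # token still accepted
    revoked = svc.logout_everywhere("alice")
    return before, revoked, svc.whoami(copied)
```

In this model the copied token keeps working after the password change and stops working only once every session is revoked, which is the effect of the one-click log-out option.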

Change Your Password

First things first, change your Facebook password. While you’re at it, you should choose something strong and difficult to guess, and maybe change your secret questions if possible.

At the same time, you should change your password on any and all sites that use the same password. This is a mistake millions of users make. Never reuse one easy-to-remember password, especially across every website. You should use a different password for each one, for situations just like this.

Use A Password Manager

Remembering a different password for the dozens of websites and services we use on a daily basis is no small task, which is why we recommend a password manager like LastPass or 1Password. These generate a unique and secure password for every site and save them for you, each one a mix of letters, numbers, words and more.

This is something millions of users should consider either way.

Two-factor Authentication

While you’re already in the settings menu, we highly recommend enabling two-factor authentication. This essentially adds a second layer of security to your account. That way, whenever you try to log in, Facebook will send you an email, text message, or a similar type of communication. That means hackers can only get through one stage of the login process.

Here’s how to turn on two-factor authentication on Facebook. When you do this, you can even use an authenticator app for added security and privacy.

Final Thoughts

In closing, Facebook confirmed that this is an ongoing investigation and they’re still trying to better understand all the details and what all happened. So if they learn more, the facts change, or they find out it was a lot more than 50 million, they’ll explain all the details right here.

For now, use caution when it comes to your Facebook account, change your password, and use some stronger security measures if possible.

And if all else fails, just delete your Facebook account.
