Facebook Hack: Find out if you were hacked and what it means

Between Sept 14-27, 29 million Facebook users had their data compromised, and on Friday the social network admitted that email addresses, phone numbers, and several other sensitive account details had been stolen. You can check the Facebook Security Notice to quickly find out whether your account was involved.

Passwords were not compromised; however, the hackers used a bug that had been present since mid-July 2017 and that allowed unauthorized access through users' access tokens. This gave the hackers access to your private information and also to that of your friends.

The attackers controlled a number of dummy accounts that were connected to live Facebook friends and used an automated technique to move from account to account, stealing the tokens of friends, and of friends of those friends, totalling 400,000 people. The attackers then used this list to steal tokens from approx. 30 million people. Half of that group had only their name and contact details compromised; the other half had their contact info as well as username, gender, locale/language, relationship status, religion, hometown, self-reported current city, birthdate, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or Pages they follow, and their 15 most recent searches. Basically a whole lot of personal information, but it's OK because Facebook has said sorry (OMG).

On the bright side, if you were hacked you don't need to change your password or redo your security settings. Facebook has revoked the tokens, so the hackers no longer have access. One of the clients I do IT support for was caught up in the mess, and someone was able to send messages posing as her for approx. half a day. In this instance there wasn't much a user could do to protect themselves from this type of attack; however, it's a good reminder that social media is always a target and that there are a few simple things we can do to help protect our data.

Turn on Two Factor Authentication

If you haven't done this yet, you are playing with fire. Two factor authentication will help you avoid unauthorized password resets.

Don’t Reuse Passwords

Use long passwords that include punctuation and upper and lower case letters. Don't use the same password for multiple sites. Managing passwords drives almost everybody nuts, and we recommend using a password manager. Learn more about our favourite, 1Password.

Watch out for Phish

Phishing is when a user is sent an email that misrepresents its sender to try to trick the user into handing over their credentials. If you are a business owner and would like to educate your staff on phishing, we offer campaigns that will test your staff and provide feedback and training to help ensure your valuable data stays put. For more information click here.