Facebook reported its worst security breach ever last week with over 50 million accounts compromised. Nearly 90 million users were logged out of their Facebook accounts due to the security breach; Facebook logged out the extra 40 million as a security measure in response to the hacking.
With the latest issue, a hacker, or a group of hackers (Facebook is yet to confirm this), accessed close to 50 million accounts thanks to software bugs in Facebook’s code. Hackers were able to act as the affected users on their profiles. The breach also impacted apps where the user was signed in using their Facebook login, including Android and iOS apps.
While Facebook says it has fixed the vulnerability, it has not confirmed what information hackers managed to access or steal. Facebook has also alerted those who were logged out of their accounts about the privacy breach and asked them to update their passwords.
However, even if you were not impacted or logged out, here are some steps to keep in mind where the security of your Facebook account is concerned.
Facebook data breach: Check devices which you are logged into
Facebook users can check which devices they are logged into with their account. Just go to Facebook on your desktop, followed by Settings, then the Security and Login tab, and it will show ‘Where you are logged in’. These settings are also available on the iOS and Android app. If you find a device which you do not use anymore, click on the menu on the right-hand side and choose the log out option.
If you see a phone or device where you do not remember logging in, you can choose ‘Not You’ as the option and try to secure the account. In the Security and Login settings, you can also turn on alerts for all logins, so in case there is an unauthorised login, you will be alerted by email or on your mobile phone number.
Facebook data breach: Start two-factor authentication
If you have not set up two-factor authentication for Facebook, then it is time to do so. This will prevent any unauthorised access to your account. Every time you log into a new device, you will be required to enter a one-time password (OTP). You can rely on authentication apps like Google Authenticator, or on SMS to your mobile phone, to receive these passwords.
Facebook users can set this up from the Security and Login option in the Settings. You can also keep recovery codes when setting this up, so in case you do not have your mobile phone with you, you can rely on these codes. Remember each recovery code can only be used once.
Facebook data breach: Review Authorized logins
Chances are, if you have been upgrading phones regularly, you have logged into Facebook on many of these devices and given them an authorised login. Now is the time to revoke the authorised login for many of these older apps and devices.
Just below the two-factor authentication feature on Security and Login, you will see a tab called ‘Authorized Logins’. This is a list of devices where you won’t have to use a login code. Go through the list, remove all old devices, be it that iPhone from 2015, or your first Android phone.
Facebook data breach: Change your password
If you are impacted by the data breach and Facebook has alerted you, then it goes without saying that you need to change your account password. Keep in mind that accounts were compromised, so not changing your password leaves your account open to being hacked. Even if your account was not impacted, it is best to change your password for additional security.
Once again, the rules for changing your password are the standard ones. Do not use simple passwords, like the name of your pet or your spouse’s name, and choose a strong combination that includes special characters and numerals as well.