50 million Facebook accounts compromised — here’s what you need to know
Authored by a Symantec employee
On September 28, 2018, Facebook confirmed almost 50 million accounts may be at risk after hackers exploited a vulnerability that allowed them to gain access to user accounts and potentially to their personal information.
Since the discovery of the attack, Facebook has resolved the security issue and has informed the law enforcement.
Did my Facebook account get hacked?
Facebook is notifying all affected users to re-enter their passwords. Once users log back in, they will get a notification at the top of their Facebook news feed explaining what happened. If you got a message like this after September 25, 2018, it is likely that your Facebook account may have been compromised in this vulnerability.
Right now Facebook says there is no need to reset your password. The hackers exploited access tokens, which are the digital keys that keeps users logged into their Facebook accounts and other apps that use a Facebook login.
As a precaution, Facebook reset the access tokens of 90 million accounts, and members were asked to re-enter their passwords. Once the tokens are reset, users cannot access their accounts unless the password is entered.
If you weren’t asked to re-enter your password, you may not be affected by this breach.
Are sites that use Facebook login also affected?
It is still unclear if other third-party apps that use Facebook logins were affected. Apps like Tinder, Spotify, and others allow users to log in using their Facebook accounts. Since these apps use the same access tokens as those used for Facebook, it is likely that these accounts may also have been compromised.
What information could have been compromised in the Facebook hack?
Even though no information appears to have been compromised, it is too early to know. According to Facebook CEO Mark Zuckerberg, the hackers targeted information such as name, gender, and hometown in user profiles.
What can a hacker do with my personal information?
Seemingly unimportant information like your name and address, with the right mix of other personal data, can have great value on the dark web. The cybercriminals behind large-scale data breaches are finding new ways to exploit your personal information to commit crimes, such as identity theft.
Gaining access to your online accounts puts these criminals at an advantage — and your identity and online privacy at risk. Password hint questions, photos, texts, and emails could get into the wrong hands.
Stolen passwords could allow hackers to access your emails, bank accounts, credit card information, Social Security number, and more. With your passwords, cybercriminals can view your most private information, access your bank accounts, apply for credit cards in your name, file fraudulent tax returns, or commit other serious crimes.
As the line between your real life and connected life blurs, it is important to help protect yourself in both realms. But how?
Think cyber safety. Cybercriminals are after your devices, your personal data, your identity, your online privacy, and even your home network because they are all connected.
You need a protection plan that helps protect your devices as well as your identity. To help protect your digital life, you need Norton with LifeLock.
No one can prevent all data breaches, but you can take steps to help keep your accounts and personal information protected, and maintain your sense of online privacy.
No one can prevent all identity theft or cybercrime.
†LifeLock does not monitor all transactions at all businesses
Editorial note: Our articles provide educational information for you. Norton LifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.
Norton by Symantec is now Norton LifeLock. LifeLock™ identity theft protection is not available in all countries.
Copyright © 2019 Symantec Corporation. All rights reserved. Symantec, the Symantec logo, the Checkmark logo, Norton, Norton by Symantec, LifeLock and the LockMan logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the United States and other countries. App Store is a service mark of Apple Inc. Microsoft and the Windows logo are trademarks of Microsoft Corporation in the United States and/or other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution Licence. Other names may be trademarks of their respective owners.