Last week, Facebook announced that a hack on its network had exposed the personal information of nearly 50 million users. The largest breach in company history allowed cyberattackers to exploit part of Facebook’s code, taking advantage of three software flaws to compromise and possibly control user accounts.
To make matters worse, two of the flaws were part of the “View As” tool, which is intended to improve user privacy. The third flaw was part of a tool that allowed users to upload videos for their birthdays. Both tools allowed hackers to gain access to digital keys that allow users to access Facebook from a mobile device without having to enter a password upon each login.
Facebook officials said they had quickly identified and repaired the vulnerabilities, notifying law enforcement and kicking off an investigation into the root cause of the breach. But the message was clear for users already worried about online privacy concerns: even the most commonly used platform, which has more than 2.2 billion users across the globe, can put personal information at risk. The breach also affected popular apps like Spotify and Instagram, which allow users to log in using their Facebook credentials.
On Friday, September 28th, Facebook logged more than 90 million users out automatically. So if you used the app between the 28th and the 30th and found that you had to log back in, you might have been affected.
The quickest way to figure out whether an illicit user has improperly accessed your Facebook account is to do an audit of the devices used to log in to the system. On Facebook’s Security and Login page, a tab marked “Where You’re Logged In” will display a list of devices signed in to your account, in addition to their locations. If you notice an unfamiliar device logged in from an unusual location, click the “Remove” button to kick that device out of your account.
If you use the same password for all of your online accounts, you’re exactly the kind of target that cybercriminals hope for when they launch attacks like the one on Facebook. Don’t rely on generic passwords. Instead, create strong and unique ones that are at least eight characters long and mix upper- and lower-case letters, numbers, and symbols: think “P@ssw0rd#!23” instead of “password123.”
Two-factor authentication requires users to enter a unique code, typically delivered via text message, along with their regular password whenever logging in to an account. It might add a few extra seconds to your day, but the security upgrade is significant: even if a hacker gained access to your password, it would be nearly impossible to log in without the two-factor authentication code.
With new breaches making the news every day, companies of all sizes and in all industries are right to be concerned about their level of security. At CMIT Solutions, we recommend right-sized assessments that take into consideration the size and complexity of your business and whether or not your business is subject to regulatory constraints. We can help protect your business with 24/7 monitoring, strong antivirus and anti-spam software, remote data backup, and more advanced tools like enterprise-grade password management.
If you’re unsure about the security of your Facebook account or other social media applications, contact CMIT Solutions today. We take online security seriously, and we’re committed to improving the safety of your information so that you can focus on running your business.