In late September, Facebook announced that a security breach discovered on September 25th had affected almost 50 million accounts. The hackers stole Facebook access tokens, which keep people logged in to Facebook. The vulnerability that the hackers exploited was in the View As feature, which allows people to see what their profile looks like to other users. Facebook Login, which allows people to log in to other services using their Facebook account login, was also compromised.

While this breach didn't expose financial data, it did expose personal data. This might provide scammers with enough specific information to impersonate you, gain access to your accounts, or scam you and your friends.

Steps You Should Take

Even though Facebook logged out users whose accounts might have been compromised and invalidated the stolen tokens, there are steps you should take.

  1. Log yourself out on all devices. Go to the Security and Login page for your account and look under "Where You're Logged In." Choose Log out of all sessions and follow the instructions. If you see an unfamiliar device or odd location, remove it from your account and report it to Facebook.

  2. Change your Facebook password as an extra security precaution. Make sure that you choose a complex password that you haven't used before.

  3. Consider using two-factor authentication. This requires you to enter a unique code received by text message to complete the login process.

  4. Review your privacy settings. How much of your personal information do you want to be public? Think carefully about what you post and consider limiting it to family and close friends.

  5. Consider whether you want to continue using Facebook Login on other sites. You can check which sites you use it with by going to Settings on your Facebook page and choosing Apps and Websites, then Active. You can remove a site, but before doing so, visit the site to change your login settings. Otherwise you may lose your data or other settings.

  6. Use a password manager. This can help you create unique and complex passwords for all of your logins. Password managers can be used across multiple devices.