Following the data breach of over 50 million accounts last week, Facebook is taking precaution by advising Page managers how to ensure their account security and avoid potential complications.
On September 25, Facebook engineers learned how attackers exploited a weakness in Facebook’s code that impacted “View As”. This feature allows people to see how their profile appears to other people.
Hackers used this vulnerability to steal Facebook users’ access tokens, and used it to take control of their accounts.
In a tweet on Friday, Facebook alerted users to the issue.
If you've been logged out of your account and asked to sign back in, it’s because we've discovered a security issue and are taking immediate action to protect people on Facebook. Learn more https://t.co/XLcHGYFBu2
— Facebook (@facebook) September 28, 2018
As a precaution, the social media giant said it would reset access tokens for another 40 million accounts subjected to a “View As” lookup over the past year.
A total of 90 million Facebook users now have to re-login to their account after the resets. It also covers third-party apps that use Facebook Login for access. After logging back in, they will see a notification detailing what happened.
Facebook says it has fixed the flaw in the code. It also reached out to law enforcement agencies and reset the affected access tokens to stop hackers from logging in.
We don’t yet know if any accounts were accessed using these stolen tokens, but we’re working to proactively identify any unauthorized access.
Security Checklist for Page Managers
Facebook says Page managers have no need to take action, but it advises some steps to consider to advance account security.
1. Checking your contact information in Account Settings
Facebook Page managers have no need to change passwords. But, they have to add updated email and phone information to regain access if they lost or forgot their password.
2. Checking roles and permissions for unauthorized changes
Facebook advises managers of Facebook Pages, Groups, apps, business or ad accounts to double check roles and permissions for unapproved changes.
If the listings have unauthorized admins or dubious entries, Page managers must contact the Facebook Help Center to report the issue.
3. Checking unrecognized activities
Facebook urges Page managers to check the following for unrecognized activities:
- Look for changes to payment details in Payment Settings on your account.
- Review active campaigns in Ads Manager to check for changes to ads, bids or budgets.
- Look for any listings you did not create on your Marketplace account.
Detecting and preventing fraud is extremely important and something we take very seriously. While we have not detected any malicious activity with business accounts, our investigation is ongoing.
As Facebook Page managers, you have to consider reviewing this checklist to ensure your account is safe and secure. Make it a part of your regular auditing.
Facebook Pages has risen and plays a key role in brand discovery and online presence. The reassurance of having a secure Facebook Page will help you manage daily tasks faster.
Read Facebook’s post here.