Since Facebook reported last week that hackers had stolen access tokens to almost 50 million accounts, there have been no signs that the perpetrators leaked any user data online or published content on the site without permission.
But many users are understandably still concerned about the ramifications of the attack, which could have allowed hackers to siphon off personal data about themselves or their friends, or potentially gain access to third-party sites and apps that support Facebook login.
There are some simple steps you can take to keep your Facebook and other accounts more secure from future attacks, in addition to staying vigilant about potential fallout from this one.
Use secure passwords
Changing passwords is one of several steps experts say concerned users can take in the wake of a breach. Though the complex hack apparently only took digital tokens used to keep users logged in to Facebook – rather than traditional passwords – changing to a new secure password can’t do any harm, and it can give users an opportunity to make sure they’re using a unique, difficult-to-guess password.
Check settings & posts
In a blog post last week, Facebook suggested users can visit the “Security and Login” tab within the site’s settings menu. There, they can see a list of any services where they’re signed in with Facebook and sign out of any they’re not using it or no longer want to use it through their login.
Enable two-factor authentication
Using two-factor authentication, which requires you do something to verify your identity beyond simply entering a password, wouldn’t have protected users from the recent Facebook hack because of the particular vulnerability used. But generally speaking, it can still be a good way to help keep online services secure.
Be alert to phishing attacks
As of now, it’s still unclear who is responsible for the mammoth Facebook hack and what data they’ve managed to hold on to. One possibility is that they’ll use it as a source of data for phishing attacks. Clever hackers often research targets so that they can pretend to be their employers, friends, or relatives, and the Facebook attackers could do the same.
Source: Fast Company