04.10.2018

Almost 50 million user accounts were hacked on Facebook: Am I affected and what can I do?

Last week, Facebook had to contact the Irish data protection authorities. Almost 50 million profiles have fallen victim to a hacker attack. More than 90 million have been logged out of their accounts as a precaution. We have compiled the most important questions and answers for you.

What happened?

Facebook has determined that digital access keys (so-called tokens) were stolen from around 50 million user accounts. These keys made it possible to get into user profiles. Normally, their purpose is to spare users from having to enter their Facebook password every time.

According to Facebook, the theft was made possible by vulnerabilities related to the “View As” feature, which lets you view your own profile from another person’s point of view. According to Facebook, the vulnerability has since been fixed and the responsible authorities have been informed. Facebook does not know who is behind the attack or where it originated.

What danger does the incident pose to the user?

The cybercriminals had access to the profiles of those affected. In theory, this would allow them to access information in the accounts, write messages and publish posts. According to Facebook, it is not yet known whether the accounts were misused or what information was accessed. Another danger is the unauthorized use of accounts on websites and apps that use a Facebook login, such as Instagram, Airbnb or Spiegel Online. The perpetrators could also have accessed these services, but according to Facebook, there is no evidence of this.

Who is affected?

According to Facebook, almost 50 million accounts are affected. Their login data has been reset to protect them from misuse. If you have been logged out of your account, it could be an indication that you are affected. As a precaution, however, another 40 million accounts on which the “View As” profile-preview function was used in the last year were also logged out. The Irish Data Protection Authority announced on Twitter that fewer than 10 percent of the affected users are from Europe.

What can I do?

Not very much. Facebook has already taken the first and most important step by automatically logging out almost 90 million user accounts, thus invalidating the stolen keys. According to Facebook, it is not necessary to change your password. To be on the safe side, you can take two further measures.

>> Check access from third-party devices

On Facebook, you can easily check which devices have recently had access to your account by following these steps:

Go to the menu -> “Settings” -> “Security and Login” -> “Where you are currently logged in”.

There you will find an overview of the devices used. You can remove any of them via the menu next to the displayed device (“That’s not you?”).

>> Overview of online services with Facebook login

Facebook also gives you a quick overview of which websites and apps you use with the Facebook login.

Go to the menu -> “Settings” -> “Apps and websites” -> “Logged in with Facebook”.

All services that use a Facebook login and in which you are logged in are listed here. You can log out of the affected service directly. This should renew the security key. If desired, you can also remove the connection to the service entirely (menu -> “Settings” -> “Apps and websites” -> “Logged in with Facebook” -> mark the affected service and click on “Remove”).

Further background information on the incident can be found in Facebook’s security update and in the Facebook Login Update.