Are you one of the 30 million users hit by Facebook’s access token breach announced two weeks ago? Here’s how to find out.
- Visit this Facebook Help center link while logged in: https://www.facebook.com/help/securitynotice?ref=sec.
- Scroll down to the section “Is my Facebook account impacted by this security issue?”
- Here you’ll see a Yes or No answer to whether your account was one of the 30 million users impacted. Those affected will also receive a warning atop their News Feed.
- If Yes, you’ll be in one of three categories:
A. You’re in the 15 million users whose name plus email and/or phone number was accessed.
B. You’re in the 14 million users who had that data plus account bio data accessed including “username, gender, locale/language, relationship status, religion, hometown, self-reported current city, birthdate, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or Pages they follow, and the 15 most recent searches”.
C. You’re in the 1 million users whose access token was stolen but your account was never actually accessed with it. Lucky you.
So what should you do if you were hacked?
- You don’t necessarily have to change your Facebook password or credit card info, as there’s no evidence that data was accessed in the attack.
- Watch out for spam or scam calls, emails, or messages, as your contact info could have been sold to unscrupulous businesses.
- Be on alert for phishing attempts that may try to email you and get you to sign in to one of your online accounts on a fake page that will steal your data. If you get a suspicious email that looks like it’s from Facebook, you can check here to see if it’s legitimate.
- If you’re in group B who had their bio info accessed, you may want to contact your bank or cell phone provider and add additional security layers such as a PIN code. That’s because hackers may have enough biographical info to perform social engineering attacks, where they pretend to be you and use stolen data to answer security questions and gain access to your accounts. From there they can spam your friends, steal and sell your social media handles, or port your phone number to their phone to intercept two-factor authentication prompts.
- Consider whether Facebook still deserves to host what you share.