Welcome to a not so exclusive club: Facebook users who may have been affected by a major security breach.
Hackers could have accessed nearly 50 million accounts by exploiting flaws in the social network's code, Facebook announced Friday. This is the biggest breach in the company's history.
Facebook says it has informed law enforcement and fixed the code vulnerability that the hackers exploited.
Many questions remain. We do not know for sure if the accounts concerned were misused. It's also hard to know exactly what information hackers could access, even though Facebook said that passwords and payment information were not compromised.
"Until now, our initial investigation did not show that these tokens were used to access private messages or publications or to publish anything on these accounts," CEO Mark Zuckerberg told reporters. "But, of course, that can change as we learn more."
Cyber security experts tell CNN that some key steps can be taken to better protect your data.
What are tokens?
By stealing "access tokens," the attackers could use the accounts as if they were their own. Tokens allow users to stay logged in to their Facebook account for extended periods of time without having to reenter their password.
Facebook said Friday that it had reset the tokens for the 50 million accounts, as well as tokens for 40 million more people, as a "precautionary measure."
And there may be more to come. Facebook said that its investigation into the breach was just beginning.
"If we find more accounts affected, we will immediately reset their access tokens," the company said in a blog post.
Check if you have been affected
Users who were logged out of their accounts can log back in with their usual passwords. Above their news feed, a banner will display: "An important security update." It offers a link that gives details about the breach.
Even if you are not among the 90 million, Facebook has suggested logging out of your account as a precaution. This will reset your access tokens.
You can do this from a desktop computer by clicking on the arrow located in the top right menu bar of your screen, selecting "Settings" and then navigating to the "Security and Login" tab.
On the Facebook iPhone mobile app, touch the lower right corner of the screen, scroll down, and tap "Disconnect."
Change your password
Facebook says that access tokens, not passwords, have been stolen. But Bruce Schneier, a cybersecurity expert and researcher at Harvard Kennedy School, said it was wise to take this step.
You can start this process from the "Security and Login" tab of your "Settings" page.
Schneier also recommends enabling two-factor authentication.
When this option is enabled, users must enter a code at the time of login. You can choose whether you want to receive the code via a text message or via a separate authentication application.
To enable two-factor authentication, use the "Security and Login" page.
Disconnect from other devices
After resetting my password, Facebook asked me to check which devices had access to my account. I clicked on "Disconnect from other devices", including my current iPhone and another device that I have not owned since 2014.
Experts advise regularly checking where you are logged in. You can access this information on Facebook's "Security and Login" page.
Other applications
Facebook said that it was automatically unlinking potentially affected accounts from Instagram and Oculus, both of which belong to Facebook. It did not do so with WhatsApp, which, according to the company, was not affected.
Facebook's vice president of product management, Guy Rosen, told reporters on Friday that it was unclear whether hackers could access third-party apps that use Facebook login, but that the company could not rule it out.
A wide range of sites use this feature, including payment applications like Venmo.
"It's important to say: attackers could use the account as if they were the account holder," said Rosen.
Experts say it's a good idea to reset all your passwords for applications linked to Facebook login.
Kevin Mitnick, a former hacker who founded the cyber security consulting firm Mitnick Security, said he recommended using long and complex passwords and storing them with a password manager such as 1Password or KeePass. He says your main password should be long. "More than 25 characters," he said.
You can check which external applications you have allowed on the Facebook Settings page under the "Applications and Websites" tab.
Schneier, a cybersecurity expert, said that if you can remember some additional login credentials and passwords, it's a good idea to separate each of those accounts from Facebook.
CNN contacted various companies that use Facebook. TripAdvisor and Ancestry are the only sites that responded to inquiries. Both companies stated that there was no evidence that user information had been compromised.
Strengthen security
Kevin Fu, a cybersecurity expert and associate professor at the University of Michigan, recommends that Facebook users receive alerts for "unrecognized connections."
Users can enable the feature on the "Security and Login" page. Scroll to the "Additional Security Setup" section. Facebook will send you an e-mail if someone uses your information to log in from a device that you do not usually use.
Know your risks
According to experts, it is wise to delete anything on your Facebook profile that you would not want to get out. Browse past messages, photos, and publications and start removing them.
Schneier, a lecturer at Harvard Kennedy School, said that if you're online, it's best to always pay attention to what you share.
"You are totally at their mercy and you have to hope that everything is going well," he said. This is the case with any technology company with which you share information.
Call on Congress
Schneier said the best thing for people to do was "to agitate for better laws".
"These things happen all the time," he said. "The reason why companies are coping with this nonsense is to have do better."