After Facebook's hack, there's a lot of useless post-breach advice




Do not change your password for Facebook's breach.


If someone is telling you that you should change your password after Facebook's breach, stop.

Sept. 28, in Facebook's "View As" feature. The advice is completely useless for the 50 million people. And yet, organizations like the US government's Federal Trade Commission continue to suggest it.

When hackers hijacked millions of Facebook accounts, passwords were not stolen. The attackers took access tokens, which keep you logged in so that you do not have to re-enter your password in future sessions.

Facebook automatically reset access tokens for the people affected, as well as an additional 40 million people as a precaution, the company said on Friday, adding that because of this there is no need to change passwords.

The FTC noted this in its advice, then followed up with, "But, to be safe, log in and change your password anyway."

The suggestion plays off our natural desire to do something after such a massive breach. With the ever-increasing number of breaches, from Yahoo to Equifax, all of us are worried about our personal information. But there are times when the advice that comes after the incident does not help. Your best bet is to take more proactive measures ahead of a breach.

"Usually, there's a lot of damage," said Dave Kennedy, chief executive at security company TrustedSec.

The FTC's other advice is not much more helpful. The agency recommends watching out for imposter scams that are likely using information stolen from these Though scams are something you should be wary of, the FTC's tips are not exactly linked to Facebook, Kennedy said.

"It's so generic that it's not even specific to the Facebook breach and it's not applicable to what's going on with Facebook," he said. "I do not think the advice was useful for this specific breach at all."

Post-breach advice is often what a person should have been doing before the breach happened. Use a password manager. Do not use Instagram, Spotify and Tinder. Use two-factor authentication.

These are all things that can be done to protect you from future attacks, but they do not really help with a breach that has already happened. It's like telling someone to wear a seat belt while they're recovering from a car crash.

"The consumer's ability to do anything is preventable," said Emily Wilson, fraud intelligence manager at Terbium Labs.

Oftentimes, the cleanup is out of the affected people's hands. They have to rely on the breached companies to protect their data and make sure it does not happen again.

"For consumers, they are in many cases in their control of their data," Wilson said.

In Facebook's case, the social network had already taken all those steps by logging 90 million people out of their accounts to reset the access tokens. When Equifax announced that it had suffered a breach affecting 147 million Americans, the credit-monitoring company offered its own identity protection tool for free.

The most useful advice to come out of Facebook's massive breach, Kennedy said, is to protect yourself from new hacks, not the ones that have already happened.

But just because you can not do anything about it.

"There's lessons learned," Kennedy said. "It's not helplessness." There's proactive steps you can take.
