What to do if you are affected




Sheryl Sandberg, Mark Zuckerberg and me. And there is a good chance you too.

Welcome to a not so exclusive club: Facebook users who may have been affected by a major security breach.

Hackers may have had access to nearly 50 million accounts by exploiting vulnerabilities in the social network's code, Facebook said on Friday. This is the biggest breach in the company's history.

Facebook says it has informed law enforcement and fixed the vulnerability in the code that the hackers exploited.

Many questions remain. We do not know for sure if the impacted accounts were misused. It is also difficult to know exactly what information hackers could access, although Facebook said that passwords and payment information were not compromised.

"Until now, our initial investigation has not shown that these tokens were used to access private messages or messages or to publish anything on these accounts," CEO Mark Zuckerberg said Friday. "But, of course, that could change as we learn more."

Cybersecurity experts tell CNN that some key steps can be taken to better protect your data.

What are tokens?

The attackers could use the accounts as if they were their own by stealing "access tokens". Tokens allow users to stay logged in to their Facebook accounts for extended periods of time without having to re-enter their password.

Facebook said Friday that it had reset the 50 million tokens, as well as tokens for an additional 40 million people, as a "precautionary measure."

And there may be more to come. Facebook said that its investigation into the breach was just beginning.

"If we find other accounts affected, we will immediately reset their access tokens," the company said in a blog post.

Check if you have been affected

Users who were logged out of their accounts can log back in with their usual passwords. They will then see a banner at the top of their news feed that reads: "An Important Security Update". It offers a link that gives details about the breach.

Even if you are not one of the 90 million, Facebook has suggested that you log out of your account, as a precaution. This will reset your access tokens.

You can do this from a desktop computer by clicking on the arrow located in the menu bar at the top right of your screen, selecting "Settings" and then navigating to the "Security and Login" tab.

On Facebook's iPhone mobile app, tap the bottom right corner of the screen, scroll down, and then tap "Disconnect."

Change your password

Facebook says that access tokens, not passwords, have been stolen. But Bruce Schneier, a cybersecurity expert and researcher at Harvard Kennedy School, said it was wise to take this step.

You can start this process from the "Security and Login" tab of your "Settings" page.

Schneier also recommends enabling two-factor authentication.

When enabled, users must enter a code at login time. You can choose whether you want to receive the code via a text message or via a separate authentication application.

To enable two-factor authentication, use the "Security and Login" page.

Disconnect from other devices

After resetting my password, Facebook asked me to check which devices had access to my account. I clicked on "Disconnect From Other Devices", which included my current iPhone and another device that I had not had since 2014.

Experts recommend regularly checking where you are logged in. You can access this information on Facebook's "Security and Login" page.

Other applications

Facebook said that it was automatically unlinking potentially affected accounts from Instagram and Oculus, both of which belong to Facebook. It did not do so with WhatsApp, which, according to the company, was not affected.

Guy Rosen, vice president of Facebook in charge of product management, told reporters on Friday that it was unclear whether hackers could access third-party applications using a Facebook login, but that the company could not rule it out.

"It's important to say: attackers could use the account as if they were the account holder," said Rosen.

A wide range of sites use this feature, including payment applications like Venmo.

According to experts, it's a good idea to reset all your passwords for applications linked to your Facebook login.

Kevin Mitnick, a former hacker who founded the cybersecurity consulting firm Mitnick Security, said he recommended using long and complex passwords and storing them with a password manager such as 1Password or KeePass. He says your main password should be long. "More than 25 characters," he says.

You can check which external applications you have allowed on the Facebook Settings page under the "Applications and Websites" tab.

Schneier, the cybersecurity expert, said that if you could remember some additional login credentials and passwords, it would make sense to dissociate Facebook from each of them.

CNN has made contact with various companies using Facebook. TripAdvisor and Ancestry are the only sites that responded to inquiries. Both companies stated that there was no evidence that user information had been compromised.

Strengthen security

Kevin Fu, a cybersecurity expert and associate professor at the University of Michigan, recommends that Facebook users receive alerts for "unrecognized connections".

Users can enable the feature on the "Security and Login" page. Scroll to the "Additional Security Setup" section. Facebook will send you an email if someone uses your information to log in from a device that you do not usually use.

Know your risks

According to the experts, it is wise to remove from your Facebook profile anything you do not want disclosed. Browse past messages, photos, and posts, and start removing them.

Schneier, a lecturer at Harvard Kennedy School, said that if you're online, it's best to always pay attention to what you share.

"You are completely at their mercy and you must hope for the best," he said. And that's the case with any technology company with which you share information.

Call Congress

Schneier said the best thing for people to do is "fight for better laws".

"These things happen all the time," he said. "The reason why companies come out with this nonsense is that they do not have to do better."

– Donie O'Sullivan, Laurie Segall and Heather Kelly from CNN contributed to the story.

CNNMoney (New York) First published on September 29, 2018: 5:19 ET
