Facebook has acknowledged a security breach affecting 50 million users but says it has yet to determine whether the accounts were misused or any information in them accessed. In response to the breach, the company has reset the access tokens that enable users to avoid re-entering passwords on every use of the app, and it also disabled the “View As” feature that the attackers exploited. The owners of the 50 million affected accounts will have to log in to Facebook again, and as a precaution, Facebook reset the access tokens on another 40 million accounts.

A few thoughts:
- 50 million affected users is a lot in raw numbers, but it’s only about 2% of Facebook’s 2.2 billion monthly active users.
- Because of Facebook’s precautionary measure, if you’re forced to log in again, you can’t tell whether your account was among the 50 million that were affected. Although Facebook says a password change isn’t necessary, we recommend changing your Facebook password if you do have to log in again. (And for goodness’ sake, if you don’t have a strong, unique password for Facebook, set one immediately!)
- We’ll be interested to see if Facebook ends up increasing the number of affected accounts, potentially by a lot. Not that 50 million is a good number, but it’s a whole lot better than 2.2 billion.
- Although we worry much more about what Facebook itself will do with all the data it hoovers up, situations like this bring into stark relief the fact that you should be extremely careful about what you choose to share on Facebook, given that the company cannot guarantee the security of your data.