About That: Facebook Says Hackers Just Breached 50 Million Accounts.
What Happened and What You Need to Do
Last Friday: Facebook noticed a spike (dramatic increase) in traffic (people) on their servers.
Hackers (the bad guys) had exploited (taken advantage of) 3 Facebook vulnerabilities (bugs).
The bugs involved access tokens, which are what allow you to view parts of, or your entire, Facebook page.
An access token is a string of characters that is sent to you after you request access to a specific website. (See the Geek Information below if you want to know more.)
This vulnerability allowed attackers to steal users' access tokens, which they could then use to gain access to the Facebook account and possibly other third-party websites that the user had logged into using his or her Facebook credentials, like Instagram, Spotify and Airbnb.
Personally identifiable information, like social security numbers, passwords or credit cards, wasn't stolen.
Facebook found the breach on Tuesday and fixed it by Thursday night.
In order to fix the breach, Facebook logged 90 million people off of its website — all 50 million who were affected, and another 40 million as a precautionary measure.
So, if you are still concerned, here is what you need to do:
Log out, log back in
Log out on all of your devices, to help prevent hackers from accessing your saved data.
Change your password
Changing your password is always a good idea.
Check your payments
While Facebook hasn’t said that any payment card information attached to people’s accounts was compromised or misused, it’s still a good idea to monitor and check for any unknown activity on your account.
Geek Information
When you enter an email address into a website to join a mailing list, you’re often asked to check your email and click on a link. The link looks something like this:
In this case, the ‘token’ is this string of characters, which was sent to you. It’s a unique string of characters, which, when you click on it, tells the server that “yep, the person definitely got the email, so the email account is definitely theirs.”
So, the website sent you a token, and you sent it back, proving you had control of that email address.
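The token idea described above, and why logging people out deals with a stolen token, shown as an added example that is not from the original post or from Facebook's code. The `TokenStore` class, the user name and the one-hour lifetime are assumptions made for illustration:

```python
import hashlib
import secrets
import time


def _digest(token):
    # The server keeps only a hash, so a leaked table does not reveal usable tokens.
    return hashlib.sha256(token.encode()).hexdigest()


class TokenStore:
    """Constructed, in-memory stand-in for a website's token database."""

    def __init__(self, ttl_seconds=3600):
        self.ttl = ttl_seconds
        self._tokens = {}  # token hash -> (user, expiry time)

    def issue(self, user, now=None):
        """Create an unguessable token and remember who it belongs to."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self._tokens[_digest(token)] = (user, now + self.ttl)
        return token

    def whoami(self, presented, now=None):
        """Return the user a presented token belongs to, or None if invalid."""
        now = time.time() if now is None else now
        entry = self._tokens.get(_digest(presented))
        if entry is None or now >= entry[1]:
            return None
        return entry[0]

    def revoke_user(self, user):
        """Forced log-out: forget every token that was issued to this user."""
        stale = [h for h, (u, _) in self._tokens.items() if u == user]
        for h in stale:
            del self._tokens[h]
        return len(stale)


def demo():
    store = TokenStore()
    token = store.issue("alice")
    copied = str(token)                 # whoever holds a copy is treated as alice
    before = store.whoami(copied)
    store.revoke_user("alice")          # the site logs alice out everywhere
    after = store.whoami(copied)        # the copied token no longer works
    fresh = store.issue("alice")        # alice logs back in and gets a new token
    return before, after, store.whoami(fresh)
```

The server never asks who is presenting the token, only whether the token is valid, which is why a stolen copy works until the site throws the old tokens away.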