Secure your firm’s Facebook page after the latest security breach

Facebook’s most recent data breach has left millions of people wondering if their accounts are compromised. Here’s what we know so far through Facebook’s initial statement and subsequent updates:

“On the afternoon of Tuesday, September 25, our engineering team discovered a security issue affecting almost 50 million accounts. […] Our investigation is still in its early stages. But it’s clear that attackers exploited a vulnerability in Facebook’s code that […] allowed them to steal Facebook access tokens which they could then use to take over people’s accounts. […]

Here is the action we have already taken. First, we’ve fixed the vulnerability and informed law enforcement. Second, we have reset the access tokens of the almost 50 million accounts we know were affected to protect their security. We’re also taking the precautionary step of resetting access tokens for another 40 million accounts […].

Since we’ve only just started our investigation, we have yet to determine whether these accounts were misused or any information accessed. We also don’t know who’s behind these attacks or where they’re based. […] if we find more affected accounts, we will immediately reset their access tokens.

[…] We have now analyzed our logs for all third-party apps installed or logged in during the attack we discovered last week. That investigation has so far found no evidence that the attackers accessed any apps using Facebook Login.”

At this point, the company reports there’s no indication that hackers stole passwords or did anything with the data they illicitly accessed. While that may prove true, it’s entirely possible that the hackers did use accounts they took over to scrape vast amounts of data on the account owners as well as other users. In either case, it’s a good idea to monitor your accounts carefully, including business pages. Here’s what Facebook advises page administrators to do:

  • Check contact information to make sure it is current and correct
  • Verify that permissions and roles for administrators are correct, and that there are no unfamiliar changes to this information
  • Look for activities that indicate unauthorized access such as:
    • Changes to payment settings
    • Changes to ads, budgets or bids within the account’s Ads Manager
    • Unauthorized Marketplace listings

If you do find questionable changes or information, you can report the issue through the platform’s Help Center.

Facebook and its millions of users share the hope that this event’s impacts will prove as limited as they first seem, but past experience with similar breaches should make us all wary of a potentially much greater scope.

Social media is a powerful tool, and therefore an extremely attractive target for malicious hackers who seek to exploit the vast stores of data these platforms hold. Use it for fun and for business, but never forget that every aspect of our online presence may well end up in the hands of criminals. When we enter the digital world – which we must – we’re playing with fire.

Sarah Warlick

Sarah Warlick founded Proof Positive Content to provide professional service firms with high-quality content that resonates with their target audiences. Sarah's writing appears in books, on the websites of over a dozen Top 100 Accounting Firms and in Accounting Today, Forbes and other leading publications, but usually under another name. Ghostwriters rarely get the glory - their clients do!