September 28, Facebook admitted that unknown hacks exploited three zero-day vulnerabilities on its social media platform and took away secret access tokens for more than 50 million Facebook users.
Access Tokens “are the equivalent of digital keys that keep people logged in to Facebook, so they don’t need to re-enter their password every time they use the app.” The hackers could use those access tokens to take over user accounts. In response, Facebook reset access token for nearly 90 million users, which caused all 90 million users being logged out on September 28. The hackers could use the secret access tokens to access user accounts, personal information, and access third-party app or websites that are logged in with Facebook accounts.
https://thehackernews.com/2018/09/facebook-account-hack.html
No where in this article does it suggest to change your password. That seems odd. Must detail of the tokens wasn’t reviled in this article but one could assume the tokens don’t have the 90 million users passwords in the clear. OR 90 million is just a small number to the 2.23 billion users they have currently. Could it just be a mitigated risk?
Hi Haitao
Thanks for sharing the important news to us. It is important to know the incident as Facebook users. Hackers may take over the accounts, and steal the information about the accounts, such as name, or location usually go. The organization already fixed the problems, so it is significant to do something for the accounts after the incident. For example, changing the password for the accounts and turning on the two-factor authentication for logon the accounts.
Interesting article, good to know that Facebook on the other fire after the heavy fire since the revelation that consultancy firm Cambridge Analytica had misused data of 87 million Facebook users to help Donald Trump win the US presidency in 2016.