Facebook was hacked. 3 things you should do after the breach.

The social networking giant said attackers had exploited a weakness that enabled them to hijack the accounts of nearly 50 million users. Here are some tips for securing your account.

  • By Brian X. Chen,
  • The New York Times News Service
  • Online Security

Facebook said its engineers discovered a security weakness this week that could let attackers hijack people's accounts. The vulnerability, which the company said had been fixed, affected nearly 50 million accounts.

Facebook said in a web post that the security issue was related to the "View As" feature, which allows people to see a preview of what their profile looks like to other people, like specific friends. Hackers exploited a weakness in the tool to gain access to digital keys that let people access Facebook from a personal device without having to re-enter a password. The keys could then be used to take over people's accounts, the company said.

The social networking giant said that it had reset all the access keys for affected users and that those users would have to log back into their accounts. In other words, there is not much you have to do. But there are some precautions you should take to protect yourself from the attack.

Do a device audit

The best way to determine whether someone has gained improper access to your account is to do an audit of the devices that you have used to log into Facebook. On Facebook's Security and Login page, under the tab labeled "Where You're Logged in," you can see a list of devices that are signed into your account, as well as their locations. If you see an unfamiliar gadget or a device signed in at an odd location, you can click the "Remove" button to boot the device out of your account.

Change your password

Facebook says that because it has fixed the vulnerability, there is no need to change your account password. But to be extra safe, you probably should anyway — especially if you use a weak password or saw any suspicious devices logged into your accounts.

If you decide to change your password, choose a complex one — and do not reuse a password you have used on a different site. Try creating long and complex passwords consisting of nonsensical phrases or one-sentence summaries of strange life events and add numbers and special characters, like: My favorite number is Green4782#.

To keep your passwords organized and easy to access, consider using a password-management app like 1Password or LastPass. These tools let you keep all your passwords in a digital vault that can be opened with one master password, and they can also automatically generate complex passwords.

Turn on two-factor authentication

Like many sites, Facebook offers a security feature called two-factor authentication. It involves text messaging a unique code to your phone that you must type in after entering your password. This way, even if someone gained access to your password, it would be difficult to log in without that code. Even though Facebook fixed this week's security vulnerability, every user should have this feature turned on.



© Copyright 2018. All rights reserved by The New York Times Syndication Sales Corp. This material may not be copied, published, broadcast or redistributed in any manner.