Facebook revealed that hackers obtained login access to up to 50 million user accounts. The tech giant has since taken measures to rectify the situation by logging its users out. However, questions still remain over what the largest breach in Facebook’s history means for your online status.
A bug, literally.
There is a token that allows you to stay logged in for a period of time without having to enter your password every time. On September 25th, Facebook realised hackers were able to steal this token through the “View as” feature. This feature allows you to see what your profile looks like to other users. By exploiting this vulnerability, the hackers were able to effect changes in your name without you ever knowing.
Facebook solved the problem by sending messages out and logging the affected users out. When you log into Facebook, a new token is automatically created, thereby invalidating the old one and making it impossible for hackers to use it again.
Facebook has asked 40 million more users to log out of their accounts and log back in. This will create new tokens and kick hackers out of the systems. In effect, if you have used the “View as” feature since 2017, Facebook advises that you follow the same precautions to safeguard your account.
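The reset described above can be sketched as a small server-side session store. This is an added example, not Facebook's code; the class and method names are hypothetical, and the password check is assumed to have happened before `login` is called.

```python
import hashlib
import secrets
import time

class SessionStore:
    """Server-side record of which login tokens are still valid."""

    def __init__(self, lifetime_seconds=3600):
        self.lifetime = lifetime_seconds
        self._sessions = {}  # sha256(token) -> (user, expiry time)

    @staticmethod
    def _digest(token):
        # Keep only a hash so a leaked session table does not leak usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def login(self, user, now=None):
        """Password check assumed done; drop old tokens, issue a fresh one."""
        now = time.time() if now is None else now
        self.force_logout(user)
        token = secrets.token_urlsafe(32)
        self._sessions[self._digest(token)] = (user, now + self.lifetime)
        return token

    def whoami(self, token, now=None):
        """Return the user a token belongs to, or None if revoked or expired."""
        now = time.time() if now is None else now
        entry = self._sessions.get(self._digest(token))
        if entry is None or now >= entry[1]:
            return None
        return entry[0]

    def force_logout(self, user):
        """Revoke every token issued to `user`; returns how many were removed."""
        stale = [d for d, (u, _) in self._sessions.items() if u == user]
        for d in stale:
            del self._sessions[d]
        return len(stale)

def demo():
    store = SessionStore()
    copied = store.login("alice")   # constructed case: this token is later copied
    before = store.whoami(copied)   # a bearer token works for whoever holds it
    store.force_logout("alice")     # provider-side reset of the account
    after = store.whoami(copied)    # the copied token no longer maps to anyone
    fresh = store.login("alice")    # the real user signs in again
    return before, after, store.whoami(fresh)
```

The token is a bearer credential, so the server cannot tell the owner's copy from a stolen one; revoking it server-side is what ends both sessions.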
Third-party apps like Spotify, Airbnb, and Canva allow you to log into their platform without a password by using Facebook credentials. While this may be convenient, the connection with Facebook makes your data on the other sites equally vulnerable after this massive breach.
Though Facebook has since changed the tokens by logging you out, it is not clear if there have already been breaches on your favourite third-party apps. Facebook has said there is no evidence of this, but that can hardly be reassuring. Your best bet now is to log out of those apps/sites and use a sign-in credential other than Facebook.
The fallout from the revelations has been massive. Facebook is currently facing a class-action lawsuit from Carla Echavarria and Derick Walker. The Irish Data Protection Commission is also considering opening a formal probe into the data breach. If Facebook is found to have breached the General Data Protection Regulation (GDPR) in the EU, it could face up to $1.6 billion in fines.
In America, US Senator Mark Warner said “this is another sobering indicator that Congress needs to step up and take action to protect the privacy and security of social media users.” These measures, though stern, would be important for securing your data with Facebook.
It might be convenient and easy for you, but using Facebook to log into other websites could pose tremendous risks to your safety and privacy. The best practice is to use a custom email for your online browsing. Keep this separate from the business or personal email account you use for other activities. This way, you’re safe when someone or something goes rogue on your data.
Copyright 2017 © Gesatech Solutions