Over the weekend news broke that Facebook had suffered a major security breach. With hackers exploiting a flaw in the social platform’s “view as” feature, a whopping 50 million users may have had their data compromised.
In an interview with reporters, CEO Mark Zuckerberg repeatedly called the problem “serious”. But beyond recounting the steps Facebook is taking to address this breach, security app Dashlane says he “didn’t have a good answer for why users should still trust Facebook with their data”.
With Facebook potentially facing up to £1.25 billion in fines under the EU’s new GDPR regulations, Emmanuel Schalit, CEO of Dashlane, commented: “Because the extent of the hack is unknown, we recommend that everyone with a Facebook account updates their Facebook password, as well as any similar passwords that they use for other online accounts.
“Each of your online accounts should have a unique, complex password – this is especially true of accounts that contain sensitive personal information like social media accounts, banking accounts, and email accounts.”
Dashlane has also put together a blog post offering up advice to Facebook users about why they should change their passwords and how they should create new and stronger passwords.
“We always recommend activating two-factor authentication on sensitive accounts to create an additional layer of security,” advises Dashlane. “Two-factor authentication is a second method of authentication beyond a password – for example, an email verification – that makes it harder for hackers to gain access to your accounts.”
The company has also offered up some insight as to how Facebook was hacked.
“Facebook doesn’t have a ton of information to provide about the attack, but so far we know that the attack originated from a vulnerability in Facebook’s code around their ‘view as’ feature, a feature that allows users to see what their profile looks like to someone else.
“According to Facebook, this allowed hackers to steal Facebook access tokens which they could then use to take over people’s accounts. Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app.”
Dashlane said that as of now, Facebook isn’t sure if any compromised accounts were misused or if any sensitive personal information was accessed. However, when it comes to hacks, “it’s always better to err on the side of caution and be proactive about updating your compromised passwords”.