Facebook security incident

Published on: September 29, 2018

Facebook has announced the discovery of a security issue affecting almost 50 million accounts. While Facebook’s investigation is still in its early stages, it has confirmed that suspected malicious actors exploited a vulnerability in Facebook access tokens. These tokens are effectively digital keys that allow users to remain logged into Facebook and avoid re-entering their password.

Facebook has taken steps to contain the incident, including fixing the vulnerability and resetting access tokens for affected (and potentially affected) users. If you have been logged out of Facebook automatically, this suggests Facebook has taken containment steps in relation to your user account. Facebook is advising that users need not change their passwords at this stage.

Facebook will provide further updates as the circumstances of this security issue continue to unfold. In the interim, users may consider taking the following precautionary steps to protect their personal data.

  • If you have not been logged out of Facebook automatically, you can do so through your security settings by selecting the one-click option to log out of all locations.
  • While the circumstances of the security issue remain under investigation, there are reports that third party applications may have been impacted. Users may therefore consider logging out of all third party applications linked to their Facebook login credentials and turning off Facebook’s integration with third party applications by visiting Apps and Websites in their security settings.
  • Always carefully consider the personal data that you share on Facebook and other social media channels. This is also an opportune time to revisit your Facebook privacy settings.
  • Consider adopting two-factor authentication when logging into your account. This option may be activated from the security and login section in your security settings.
  • If it sounds like a scam, be sure to pick up the phone and talk to the person who is messaging you or asking to connect with you on Facebook.

IDCARE is Australia’s national identity and cyber support service. We will continue to keep you updated as further information becomes available.

