Facebook has announced the discovery of a security issue affecting almost 50 million accounts. While Facebook’s investigation is still in its early stages, it has confirmed that suspected malicious actors exploited a vulnerability in Facebook access tokens. These tokens are effectively digital keys that allow users to remain logged into Facebook and avoid re-entering their password.
Facebook have taken steps to contain the incident, including fixing the vulnerability and resetting access tokens for affected (and potentially affected) users. If you have been logged out of Facebook automatically, this suggests Facebook have taken containment steps in relation to your user account. Facebook are advising that users need not change their passwords at this stage.
Facebook will provide further updates as the circumstances of this security issue continue to unfold. In the interim, users may consider taking the following precautionary steps to protect their personal data.
IDCARE is Australia’s national identity and cyber support service. We will continue to keep you updated as further information becomes available.