Facebook security incident

Facebook security incident

<  Back to News and Media

Published on:

September 29, 2018

Facebook has announced the discovery of a security issue affecting almost 50 million accounts. While Facebook’s investigation is still in its early stages, it has confirmed that suspected malicious actors exploited a vulnerability in Facebook access tokens. These tokens are effectively digital keys that allow users to remain logged into Facebook and avoid re-entering their password.

Facebook have taken steps to contain the incident, including fixing the vulnerability and resetting access tokens for affected (and potentially affected) users. If you have been logged out of Facebook automatically, this suggests Facebook have taken containment steps in relation to your user account. Facebook are advising that users need not change their passwords at this stage.

Facebook will provide further updates as the circumstances of this security issue continue to unfold. In the interim, users may consider taking the following precautionary steps to protect their personal data.

  • If you have not been logged out of Facebook automatically, you can do so through your security settings by selecting the one-click option to log out of all locations.
  • While the circumstances of the security issue remain under investigation, there are reports that third party applications may have been impacted. Users may therefore consider logging out of all third applications linked to your Facebook login credentials and also turning off Facebook’s integration with third party applications by visiting Apps and Websites in your security settings.
  • Always carefully consider the personal data that you share on Facebook and other social media channels. This is also an opportune time to revisit your Facebook privacy settings.
  • Consider adopting two-factor authentication when logging into your account. This option may be activated from the security and login section in your security settings.
  • If it sounds like a scam, be sure to pick the phone and talk to the person who is messaging you or asking to connect with you on Facebook.

IDCARE is Australia’s national identity and cyber support service. We will continue to keep you updated as further information becomes available.

BACK TO LATEST NEWS

Other News

IDCARE is always active in the media from radio to TV, social media and news articles. Keep up to date with what's happening at IDCARE and in the media.
IDCARE on the Today Show

Australians are losing an average of $25 million a month in investment scams.

Read more...
Behind the mask: Unveiling the new and the trending scams in the fortnight

Behind the mask: Unveiling the new and the trending scams in the fortnight

Read more...
Phishing, spoofing, spamming?

Cyber-lingo explained in the latest edition of The Cyber Sushi.

Read more...
Why your number is being spoofed

You've heard about FluBot, now we explain what it is.

Read more...

CONTACT US

IDCARE is here to provide you with specialist support and guidance when faced with a cyber and identity related issue. Contact one of our Identity & Cyber Security Case Managers to learn more about our Support Services and how we can help you.   

Get help
ONLINE FORM

Submit a web request

Call Centre Icon

Call our AUSTRALIAn
NATIONAL CASE MANAGEMENT CENTRE

1800 595 160

Mon - Fri: 8am - 5pm AEST

QLD: 07 3555 5900
ACT & NSW: 02 8999 3356
VIC: 03 7018 2366
NT, SA & WA08 7078 7741

Call Centre Icon

call our NEW ZEALAND
NATIONAL CASE MANAGEMENT CENTRE

0800 121 068

Mon - Fri: 10am - 7pm NZST

AKL: 09 884 4440