Facebook security incident


Published on: September 29, 2018

Facebook has announced the discovery of a security issue affecting almost 50 million accounts. While Facebook’s investigation is still in its early stages, it has confirmed that suspected malicious actors exploited a vulnerability in Facebook access tokens. These tokens are effectively digital keys that allow users to remain logged into Facebook and avoid re-entering their password.

Facebook has taken steps to contain the incident, including fixing the vulnerability and resetting access tokens for affected (and potentially affected) users. If you have been logged out of Facebook automatically, this suggests Facebook has taken containment steps in relation to your user account. Facebook is advising that users need not change their passwords at this stage.

Facebook will provide further updates as the circumstances of this security issue continue to unfold. In the interim, users may consider taking the following precautionary steps to protect their personal data.

  • If you have not been logged out of Facebook automatically, you can do so through your security settings by selecting the one-click option to log out of all locations.
  • While the circumstances of the security issue remain under investigation, there are reports that third party applications may have been impacted. You may therefore consider logging out of all third party applications linked to your Facebook login credentials and turning off Facebook’s integration with third party applications by visiting Apps and Websites in your security settings.
  • Always carefully consider the personal data that you share on Facebook and other social media channels. This is also an opportune time to revisit your Facebook privacy settings.
  • Consider adopting two-factor authentication when logging into your account. This option may be activated from the security and login section in your security settings.
  • If it sounds like a scam, be sure to pick up the phone and talk to the person who is messaging you or asking to connect with you on Facebook.

IDCARE is Australia’s national identity and cyber support service. We will continue to keep you updated as further information becomes available.
