On September 28, 2018, Facebook made headlines announcing its latest high-volume data breach. Due to a vulnerability in the social network’s code, the personal data of approximately 50 million user accounts was suddenly at risk.
Unlike data-only breaches such as the Cambridge Analytica breach, this one let hackers steal “access tokens,” which allow users to stay logged into their accounts on websites other than Facebook. Hackers are able to use those tokens to not only take over Facebook profiles, but also to access third-party accounts like Airbnb, Spotify or Uber – any of the 200+ apps and services that allow users to log in with Facebook credentials.
Facebook quickly fixed the vulnerability, informed law enforcement so it could investigate, and reset the access tokens on 90 million accounts as a precautionary measure. Fortunately, on October 2, 2018, Facebook announced its investigators don’t believe any third-party sites were affected. But small business owners and accountants would be wise to treat this breach as yet another reminder of just how quickly hackers can gain access to important information, and next time the consequences may be far greater for the users.
What to Learn from the Facebook Breach
While Facebook followed up on this breach with textbook precision that limited the damage, the lesson of this most recent breach should not be to trust the social network to take care of your interests. Instead, this should be a wake-up call to make sure you’re maintaining important basic online security measures. Here are three things you, your associates and clients should do in the wake of the most recent breach.
Audit your devices
The first step in limiting your data breach risk is to be aware of your account activity. Regularly check that your account hasn’t been accessed from devices you don’t recognize by signing up for app-specific login alerts for products such as Twitter or Gmail. Then, proactively monitor your login history under the “Settings” or “Security” tabs in apps like Facebook.
Change your password regularly
Are you one of the 39 percent of Americans who find it difficult to keep track of their passwords? As challenging as it can be to manage the keywords that get you into all of your online profiles and banking apps, it’s important to remember basic Internet password best practices:
- Don’t reuse passwords for multiple accounts.
- Use phrases, initials and codes instead of simple words or number combinations.
- Change your passwords at least once per quarter, if not more frequently.
Enable multi-factor authentication whenever possible
Many websites and businesses offer multi-factor authentication, which is the ability to log in using a password as well as a time-sensitive code sent to your phone or email. Unfortunately, only 52 percent of online adults take businesses up on this opportunity. If you use any services that offer multi-factor authentication, sign up for it. That way, if someone obtains your password, they can’t log into your account without the second security code.
Though Facebook has reported that none of the access tokens targeted in the most recent attack have been used to log into third-party sites, it doesn’t mean your data is safe forever. After all, investigators still don’t know who is responsible for the hack. Take time now to implement proactive measures to protect your online security – before it’s too late.