On 16 September 2018, engineers at Facebook detected some unusual activity on the social media platform’s networks. It was an attack, the biggest security breach in Facebook’s history, and it took the company eleven more days to stop it.
The attackers figured out how to exploit three separate vulnerabilities in Facebook’s code. The breach affected 50 million accounts and took advantage of ‘tokens’ – a system used by third-party platforms such as Spotify. This exploit actually existed since July 2017 and no-one seems to have any firm idea as to what the attackers did before Facebook found and fixed the vulnerabilities.
Facebook relies primarily on trust. People trust that their pictures will be seen only by those in their networks and that their private messages will only be read by the people to whom they were sent. If attacks such as this one destroy that trust, the company could quickly find itself in deep trouble.
Whether or not you were affected personally by this particular hack, right now is a good time for you to ensure that you have the necessary security precautions set in place:
- Change your Facebook password and use a strong, unique password.
- Log out of your account on any device or browser where you are logged in.
- Set up two-factor authentication which is an extra layer of security that requires not only a password and username but also something that only the user should know.
- Set up alerts for unrecognised logins.
- For extra privacy, turn off Apps, Websites and Games. This makes it far less likely for your data to be shared with third parties.
We may never know who attacked Facebook and what their motives were and if we do ever eventually find out it may well be too late for some people.