Technology

Are you one of the 30 million users hit by Facebookaccess token breach announced two weeks agoHerehow to find out.

1. Visit this Facebook Help center link while logged in:https://www.facebook.com/help/securitynoticeref=sec.
2. Scroll down to the section &Is my Facebook account impacted by this security issue&
3. Here you&ll see a Yes or No answer to whether your account was one of the 30 million users impacted. Those affected will also receive a warning like this atop their News Feed:
4. If Yes, you&ll be in one of three categories: A. You&re in the 15 million users& whose name plus email and/or phone number was accessed. B. You&re in the 14 million users& who had that data plus account bio data accessed including &username, gender, locale/language, relationship status, religion, hometown, self-reported current city, birthdate, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or Pages they follow, and the 15 most recent searches.& C. You&re in the 1 million users whose access token was stolen but your account was never actually accessed with it. Lucky you.

So what should you do if you were hacked

1. You don&t necessarily have to change your Facebook password or credit card info, as thereno evidence that data was accessed in the attack.
2. Watch out for spam or scam calls, emails or messages as your contact info could have been sold to unscrupulous businesses.
3. Be on alert for phishing attempts that may try to email you and get you to sign in to one of your online accounts on a fake page that will steal your data. If you get a suspicious email that looks like itfrom Facebook, you can check here to see if itlegitimate.
4. If you&re in group B who had their bio info accessed, you may want to contact your bank or cell phone provider and add additional security layers such as a pincode. Thatbecause hackers may have enough biographical info to perform social engineering attacks where they pretend to be you and use stolen data to answer security questions and gain access to your accounts so they can spam your friends, steal and sell your social media handles, or port your phone number to their phone to intercept two-factor authentication prompts.
5. Consider whether Facebook still deserves to host what you share.

Facebook has now detailed what data was scraped and stolen in the breach it revealed two weeks ago. 30 million users, not 50 million as it initially estimated, had their access tokens stolen by hackers.Users can check FacebookHelp Center to find out if their information was accessed, and Facebook will send customized alerts to those impacted detailing what was accessed from their account and what they can do to recover. Itcurrently not clear if all the information accessed was necessarily scraped.

FacebookVP of product managment Guy Rosen told reporters on a press call that &We are cooperating with the FBI on this matter& and that &the FBI have asked us not to discuss who may be behind this attack& as its own investigation is ongoing. Disclosing anything about perpetrator now could cause them to cover tracks.

15 million of the 30 million users had their name plus phone number and/or email accessed. 14 million had that info plus potentially more biographical info accessed, including &username, gender, locale/language, relationship status, religion, hometown, self-reported current city, birthdate, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or Pages they follow, and the 15 most recent searches&. The remaining 1 million users& information wasn&t accessed.

Facebookother apps including Messenger, Messenger Kids, Instagram, WhatsApp, Workplace, and Pages, as well as its features for payments, third-party apps, advertisers, and developers were not accessed. Facebook says that law enforcement has asked it not to discuss evidence regarding who committed the attack as the FBI continues its investigation.

Facebook says the breach started when hackers with some access tokens exploited a combination of three bugs related to its &View As& privacy feature for seeing your profile from the perspective of someone else. This let them gain access to those accounts& friends leading them to steal access tokens 400,000 accounts, and used a different method to then grab tokens from 30 million of their friends.

Unlike most breaches, this one appears to have turned out to be less severe then initially expected. Users seem to already be forgetting about the breach after a short hiccup where they had to log back in to Facebook. Itpossible that that could impact Facebookuser counts slightly in its Q3 earnings report. But unless a truly nefarious use case for the accessed data is revealed, the breach could fade into the noise of non-stop cybersecurity failures across the web, including Google+breach that was covered up and has now prompted the Facebook competitorshut down.

Researchers at Indiana University have confirmed that stringent password policies & aside from being really annoying & actually work. The research, led by Ph.D. student Jacob Abbott, IU CIO Daniel Calarco, and professor L. Jean Camp. They published their findings in a paper entitled &Factors Influencing Password Reuse: A Case Study.&

&Our paper shows that passphrase requirements such as a 15-character minimum length deter the vast majority of IU users (99.98 percent) from reusing passwords or passphrases on other sites,& said Abbott. &Other universities with fewer password requirements had reuse rates potentially as high as 40 percent.&

To investigate the impact of policy on password reuse, the study analyzed password policies from 22 different U.S. universities, including their home institution, IU. Next, they extracted sets of emails and passwords from two large data sets that were published online and contained over 1.3 billion email addresses and password combinations. Based on email addresses belonging to a universitydomain, passwords were compiled and compared against a universityofficial password policy.

The findings were clear: Stringent password rules significantly lower a universityrisk of personal data breaches.

In short, requiring longer passwords and creating a truly stringent password policy reduced fraud and password reuse by almost 99%. Further, the researchers found that preventing users from adding their name or username inside passwords italso pretty helpful. Ultimately, having a stringent password policy is far better than have none at all. Ita no-brainer but it could be an important data point for your next tech project.