Cybersecurity Awareness Month: Facebook Cyberattack and Data Breach

What Users Can Do in Response to the Facebook Cyberattack and Data Breach

Now in its 15th year, National Cybersecurity Awareness Month (observed in October) promotes the importance of protecting against hackers, online scammers and other cyber-threats. CWRU goes to great lengths to secure its community against attacks and maintain data integrity and privacy. In the next several weeks, UTech’s Information Security Office (ISO) will share information on different facets of cybersecurity.

To begin with, reports came out in late September of a large-scale data breach at Facebook in which hackers exploited vulnerabilities in the app’s system to access personal information from up to 90 million accounts. Here is what the ISO would like everyone to know and do regarding the attack:

What happened

Attackers used a vulnerability in the social network's "view as" feature, which allows you to view your own profile as someone else, to steal "access tokens" that could be used to take over people's accounts. The company said it has fixed the vulnerability, contacted law enforcement and completely disabled the "view as" feature. It also reset access tokens on 50 million accounts it knows were affected by the security breach, as well as an additional 40 million accounts that have been subject to a "view as" search within the last year.

Access tokens are not the same as passwords – they are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the Facebook app or, importantly, third-party apps such as Airbnb, Instagram, Etsy or Tinder that log them in through Facebook.
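The token reset described above, as an added illustration that is not part of the original article or of Facebook's own systems: a small Python token store (all names, accounts and devices are constructed) in which revoking an account invalidates every token issued to it on every device at once, which is why affected users found themselves logged out everywhere.

```python
import hashlib
import secrets
from typing import Dict, Iterable, Optional, Tuple


class TokenStore:
    """Constructed example of a server-side access-token registry.

    Only a SHA-256 digest of each token is stored. Each account carries a
    session "epoch"; revoking an account bumps the epoch, which invalidates
    every token ever issued to it on every device while leaving others alone.
    """

    def __init__(self) -> None:
        self._tokens: Dict[str, Tuple[str, int]] = {}  # digest -> (account, epoch)
        self._epoch: Dict[str, int] = {}               # account -> current epoch

    def issue(self, account: str) -> str:
        """Mint a random token for one device session and return it."""
        token = secrets.token_urlsafe(32)
        epoch = self._epoch.setdefault(account, 0)
        digest = hashlib.sha256(token.encode()).hexdigest()
        self._tokens[digest] = (account, epoch)
        return token

    def validate(self, token: str) -> Optional[str]:
        """Return the owning account if the token is known and not revoked."""
        record = self._tokens.get(hashlib.sha256(token.encode()).hexdigest())
        if record is None:
            return None
        account, epoch = record
        return account if epoch == self._epoch.get(account) else None

    def revoke_accounts(self, accounts: Iterable[str]) -> int:
        """Log the given accounts out of every device; returns how many were reset."""
        reset = 0
        for account in accounts:
            if account in self._epoch:
                self._epoch[account] += 1
                reset += 1
        return reset


def incident_response_demo() -> Dict[str, bool]:
    """Constructed scenario: reset two affected accounts and leave a third alone."""
    store = TokenStore()
    sessions = {"alice-phone": store.issue("alice"), "alice-laptop": store.issue("alice"),
                "bob-phone": store.issue("bob"), "carol-phone": store.issue("carol")}
    store.revoke_accounts(["alice", "bob"])  # the accounts believed to be affected
    return {name: store.validate(tok) is not None for name, tok in sessions.items()}
```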

Facebook issued a clarification of the intrusion’s impact, stating it has no evidence that the attackers read private messages, posted anything to account pages, or stole credit card numbers. However, the attackers did attempt to access personal information, which could have included details like name, date of birth and hometown.

The attackers may also have been able to manipulate the Facebook Login feature, which allows people to use their Facebook usernames and passwords as login credentials for other apps and websites.

Determining affected accounts

For those users who were suddenly logged out of Facebook on all of their devices at some point on the morning of Friday, September 28, there is reason to believe these accounts were among the 90 million affected. Affected users should receive a notification at the top of their News Feed when logging back into their account, explaining what happened and what steps to take moving forward.

Steps to take

  • Make a habit of reviewing all login activity for Facebook: Go to Settings -> Security and Login -> Where You’re Logged In. Click on “See More” and scan the list to see if there are any unfamiliar devices accessing the account.
  • Similarly, take the opportunity to review third-party apps that use the "Log In Using Facebook" method: Go to Settings -> Apps and Websites. Click “See More” to view all the apps, and remove unused or unneeded connections.
  • To increase overall security, don’t re-use Facebook credentials across websites and apps. Use password manager software such as LastPass instead to create unique credentials that are accessible from all of the owner’s devices.

What’s to come during Cybersecurity Awareness Month

The ISO will publish additional articles online and in the Daily, hang posters around campus and more to educate about different aspects of cybersecurity throughout October. Be on the lookout for these notifications, stay aware and help keep CWRU safe and secure!