In the wake of Facebook’s latest security breach, the social network shared some tips for how page administrators, group administrators, application developers, advertisers and businesses can further secure their accounts.
Facebook revealed Friday that attackers who have not yet been identified exploited its View As feature, which enables people to see what their profiles look like to other people on the platform. Those attackers were able to use the bugs to steal access tokens, which keep users logged into their accounts so that they do not need to re-enter their passwords each time they access the social network.
Nearly 50 million Facebook accounts were potentially affected by the breach, and the social network also reset the access tokens for another 40 million accounts that had experienced View As lookups over the past year.
The social network stressed in a blog post that it does not yet know whether any accounts were accessed, and that no action is necessary, but it offered the following suggestions “to further secure your account”:
- Check roles and permissions for pages, groups, apps, ad accounts and business accounts, and report any unauthorized changes or people who are not recognized.
- Examine payment settings to ensure that there have been no unauthorized changes to payment details.
- Review active ad campaigns in Ads Manager to ensure that there were no unauthorized changes to ads, bids or budgets.
- Examine Marketplace accounts to ensure that there are no listings that were not created by the account holder.