Facebook hack gets worse as company admits Instagram and other apps were exposed too

The Facebook hack is even worse than was at first clear, the company has admitted.

The site had already admitted that a hole in its code would allow people to gain access to any account, in a problem that affected some 50 million users.

But it later said that the problem would also affect its "Facebook Login" service, which allows other apps to use people's Facebook account to login.

Shape Created with Sketch.

How to stop Facebook from revealing everything about you

Show all 9

left Created with Sketch.

right Created with Sketch.

Shape Created with Sketch.

How to stop Facebook from revealing everything about you

1/9

Lock your profile down

If you haven’t done this already, do it now. In Settings, hit the Privacy tab. From here, you can control who gets to see your future posts and friends list. Choose from Public, Friends, Only Me and Custom in the dropdown menu.

2/9

Limit old posts

Annoyingly, changing this has no effect on who’s able to see your past Facebook posts. Instead, on the Privacy page, you have to click on Limit Past Posts, then select Limit Old Posts and finally hit Confirm on the pop-up.

3/9

Make yourself harder to find

You can stop completely random people from adding you by selecting Friends of Friends from the dropdown menu in the Who can send you friend requests? section of the Privacy page. It’s also worth limiting who can find your Facebook profile with your number and email address. At the bottom of the page is the option to prevent search engines outside of Facebook from linking to your profile.

4/9

Control access to your Timeline

You can limit who gets to post things on your Timeline and who gets to see posts on your Timeline too. In Settings, go to Timeline and Tagging and edit the sections you want to lock down.

5/9

Block people

When you block someone, they won’t be able to see things you post on your Timeline, tag you, invite you to events or groups, start conversations with you or add you as a friend. To do it, go to Settings and Blocking. Annoyingly, you have to block people on Messenger separately. You can also add friends to your Restricted list here, which means they’ll still be friends with you but will only be able to see your public posts and things you share on a mutual friend's Timeline.

6/9

Review tags

One of Facebook’s handiest privacy features is the ability to review posts you’re tagged in before they appear on your Timeline. They’ll still be visible on the News Feed while they’re fresh, but won’t be tied to your profile forever. In Timeline and Tagging, enable Timeline review controls.

7/9

Clean up your apps

You can view a list of all of the apps you’ve connected to your Facebook account by going to Settings and Apps. The list might be longer than you expected it to be. It’s worth tidying this up to ensure things you no longer use lose access to your personal information. If you don’t want to log into websites and apps with your facebook account, scroll down and turn Platform off.

8/9

Change your ad preferences

You can view a list of everything Facebook thinks you’re into and tinker with your ad preferences by going to Settings and Adverts. A lot more information is displayed on the desktop site than the app, so we’d recommend doing this on a computer.

9/9

Download your data

Facebook lets you download all of the data it has on you, including the posts you’ve shared, your messages and photos, ads you’ve clicked on and even the IP addresses that are logged when you log in or out of the site. It’s a hell of a lot of information, which you should download to ensure you never over-share on the social network again.

1/9

Lock your profile down

If you haven’t done this already, do it now. In Settings, hit the Privacy tab. From here, you can control who gets to see your future posts and friends list. Choose from Public, Friends, Only Me and Custom in the dropdown menu.

2/9

Limit old posts

Annoyingly, changing this has no effect on who’s able to see your past Facebook posts. Instead, on the Privacy page, you have to click on Limit Past Posts, then select Limit Old Posts and finally hit Confirm on the pop-up.

3/9

Make yourself harder to find

You can stop completely random people from adding you by selecting Friends of Friends from the dropdown menu in the Who can send you friend requests? section of the Privacy page. It’s also worth limiting who can find your Facebook profile with your number and email address. At the bottom of the page is the option to prevent search engines outside of Facebook from linking to your profile.

4/9

Control access to your Timeline

You can limit who gets to post things on your Timeline and who gets to see posts on your Timeline too. In Settings, go to Timeline and Tagging and edit the sections you want to lock down.

5/9

Block people

When you block someone, they won’t be able to see things you post on your Timeline, tag you, invite you to events or groups, start conversations with you or add you as a friend. To do it, go to Settings and Blocking. Annoyingly, you have to block people on Messenger separately. You can also add friends to your Restricted list here, which means they’ll still be friends with you but will only be able to see your public posts and things you share on a mutual friend's Timeline.

6/9

Review tags

One of Facebook’s handiest privacy features is the ability to review posts you’re tagged in before they appear on your Timeline. They’ll still be visible on the News Feed while they’re fresh, but won’t be tied to your profile forever. In Timeline and Tagging, enable Timeline review controls.

7/9

Clean up your apps

You can view a list of all of the apps you’ve connected to your Facebook account by going to Settings and Apps. The list might be longer than you expected it to be. It’s worth tidying this up to ensure things you no longer use lose access to your personal information. If you don’t want to log into websites and apps with your facebook account, scroll down and turn Platform off.

8/9

Change your ad preferences

You can view a list of everything Facebook thinks you’re into and tinker with your ad preferences by going to Settings and Adverts. A lot more information is displayed on the desktop site than the app, so we’d recommend doing this on a computer.

9/9

Download your data

Facebook lets you download all of the data it has on you, including the posts you’ve shared, your messages and photos, ads you’ve clicked on and even the IP addresses that are logged when you log in or out of the site. It’s a hell of a lot of information, which you should download to ensure you never over-share on the social network again.

That means that once a hacker had access to a person's Facebook account, they could make their way through the rest of their digital life. That might include other Facebook apps like Instagram but also third-party ones that use the login service, such as Tinder.

"The vulnerability was on Facebook, but these access tokens enabled someone to use the account as if they were the account-holder themselves," said Guy Rosen, Facebook's vice president of product management, who disclosed the vulnerability in a blog post on Friday.

The latest hack involved bugs in Facebook's "View As" feature, which lets people see how their profiles appear to others. The attackers used that vulnerability to steal the digital keys, known as "access tokens," from the accounts of people whose profiles were searched for using the "View As" feature. The attack then moved along from one user's Facebook friend to another. Possession of those tokens would allow attackers to control those accounts.

One of the bugs was more than a year old and affected how the "View As" feature interacted with Facebook's video uploading feature for posting "happy birthday" messages, said Mr Rosen. But it wasn't until mid-September that Facebook noticed an uptick in unusual activity, and not until this week that it learned of the attack, he said

The nature of the hack means that there is little users can do to protect themselves. Facebook says it has already fixed the flaw by logging everyone out of their accounts and suspending the "view as" feature.

“There is no evidence that people have to take action such as changing their passwords or deleting their profiles," said a spokesperson for the National Cyber Security Centre.

“However, users should be particularly vigilant to possible phishing attacks, as if data has been accessed it could be used to make scam messages more credible.”

Similar Articles:

Facebook admits its camera-equipped listening device can collect your data for ads

Facebook admits its camera-equipped listening device can collect your data for ads

Reasons not to use (i.e., be used by) Facebook

Reasons not to use (i.e., be used by) Facebook

Facebook Data Breach Affects At Least 50 Million Users

Facebook Data Breach Affects At Least 50 Million Users

Why I deleted my Facebook account – Owen Selles – Medium

Why I deleted my Facebook account – Owen Selles – Medium