Facebook account hack FAQ: What happened, how it affects you, and what you should do now

Credit: Gerd Altmann

Facebook has announced a massive security issue affecting at least 50 million of its 2.23 billion active users. While the company is still investigating the issue, it has already taken steps to stop the exploit and protect users. Here’s what we know so far:

What happened?

Facebook says its engineering team discovered a security threat that could allow a hacker “to steal Facebook access tokens which they could then use to take over people’s accounts.”

When did the attack occur?

It’s unclear exactly when the accounts were breached, but Facebook discovered the issue on Tuesday, September 25. The issue stems from a change Facebook made to its video uploading feature in July 2017, so it’s possible the vulnerability went unnoticed for a long time.

How did the hackers get in?

This attack exploited the complex interaction of multiple issues in Facebook’s code, the company said. The attackers exploited a vulnerability in Facebook’s code related to the “View As” feature, which is designed to let users see how their profile appears on other people’s screens. If you used the feature, hackers were able to steal your access token and potentially take over your account.

What’s an access token?

An access token is the credential your browser holds to keep you logged in to your Facebook account after you sign in once.

Has the vulnerability been fixed?

According to Facebook, the exploit was patched on Thursday, September 27.

How do I know if my account has been affected?