On the latest Facebook breach

This will likely be an evergreen title. Right now it refers to the news that 50 million users were impacted by the exploitation of the token bug. Given Facebook’s tendency to roll out reveals of how bad breaches really are, I expect to learn far more accounts were impacted and were more deeply impacted than first indicated.

While these data horses have long left the barn, here are a few precautions to take.

1) Change your password on Facebook and all Facebook-owned apps (WhatsApp, Instagram). While word at this time is that it isn’t necessary to change passwords, it is good cyber hygiene to do so regularly, and this is a good reminder.

2) Revoke app permissions on your Facebook account. When you use Facebook to log in to dating, game, and streaming apps and websites, the other entity adds an app to your Facebook profile. Usually the app requires permission to siphon off information from your Facebook account. Using Facebook to log in to other sites and apps is more convenient, but it leaves your data vulnerable on both sides of the transaction. It is better to silo apps by using the in-app login option.

3) Usually I would be saying absolutely implement two-factor authentication on Facebook, but given the news this week that they are taking advantage of the security practice to give advertisers access to users’ shadow contact information