Reposted from: The Wall Street Journal:
It’s time to check up on your Facebook settings again, but this time it’s more about security than privacy: The company announced Friday the discovery of a security vulnerability that may have affected nearly 50 million accounts.
Because of an issue with Facebook’s “view as” feature, attackers were able to steal the digital keys—also known as access tokens—that keep people logged in. This tool, now disabled, let people see what their profile page looks like to others.
Facebook Inc. said it has yet to determine whether anyone’s information was misused or accessed, but the company reset the access tokens for the 50 million people affected—plus an additional 40 million people who were “subject to a ‘view as’ lookup in the past year.”
If you’re one of those people, you can expect to be logged out of your account and any apps you log into with Facebook. Next time you go back, you’ll get a password prompt.
When you log back in, you might see a notification at the top of your news feed explaining what happened.
The company also suggested “precautionary steps” users can take, namely logging out everywhere they’re currently logged in. You should log off from any computers or devices you don’t actively use because there is an access token associated with each one. Here’s how:
In the app, click on the three horizontal lines at the bottom right corner, then click Settings & Privacy, then Settings, then Security and Login. (If you’re on the website, click on the downward arrow in the top right-hand corner and select Settings then Security and Login.)
Next, you’ll see a section that says “Where you’re logged in” and you can click “See more” to view the list of all the places you’re logged in. There’s a one-tap option at the bottom of that list that can log you out of all sessions at once.
There’s also the option to go through each login individually. Tap the three vertical dots then select “Log out” or—if you suspect something fishy—“Not you?”
If you select “Not you?” Facebook will take you through an account review and tell you if there has been any unusual activity.