HKCert
Security Blog

Please act now to enhance the protection of your Facebook account

Release Date: 29 / 09 / 2018
Last Update: 29 / 09 / 2018

It was reported that a vulnerability in the "View as" function of Facebook was exploited, affecting 50 million users. The impact is not limited to the Facebook account itself: if you use your Facebook account to authenticate to third-party online services, an attacker who gains control of your Facebook account may also be able to access those services. As Facebook is widely used by the local community and organizations, we urge the public to secure and enhance the protection of their Facebook accounts.

 

Mitigation Measures

  • Facebook has identified which users were impacted and has forced those users to log out. If you have been logged out of your Facebook account, please log in again as instructed.
  • As a precautionary measure to safeguard your Facebook login, you may also take the following actions:
    • After logging in to Facebook, remove all authorized logins (Settings → Security and login → Authorized logins)
    • If you have used "Log in using your profile picture", also remove all active logins (Settings → Security and login → Log in using your profile picture)
  • As a precautionary measure to safeguard third-party apps and websites that you access using Facebook authentication, please follow the steps below:
    1. Go to "Settings"
    2. Go to "Apps and websites"
    3. Go to "logged in with Facebook"
    4. Select all apps and websites in both the "Active" and "Expired" tabs, and then click the "Remove" button to proceed
    5. Click the "Done" button to finish
  • As a precautionary measure, it is also recommended to turn off interaction with Apps, Websites and Games (Note: anything related to these apps, websites and games, including accounts, activities, posts, photos, videos etc., may be deleted):
    1. Go to “Settings”
    2. Click the “Edit” button in the “Apps, Websites and Games” section
    3. Click the “turn off” button to turn off the related interactions

 

Enhance Facebook Security

  • Enable 2-factor authentication to enhance login security (Settings → Security and login → Use two-factor authentication).
  • You may also consider configuring "Get alerts about unrecognised logins" and "Choose 3 to 5 friends to contact if you are locked out" (Settings → Security and login → Setting up extra security) to receive notifications or assistance when there are unauthorized login attempts on your account.

 
