For the heck of avoiding hack

Sangeet Toor 

At the end of September, Facebook revealed a massive hack of its user accounts. It ball-parked the figure at 50 million accounts. This month too Facebook came back with more information and a better guess of the number of accounts impacted — 30 million accounts.

What led to the hack? 

“View As” is a feature on Facebook that allows users to see how their account will look like to the public. The attackers took control of 40,000 accounts first, added “friends” to these accounts, and then stole access tokens using the security hole in the “View As” feature. 

To know if your account is hacked

• For the impacted accounts, Facebook will send customised messages in the news feed.
• Alternatively, users can login to their Facebook account. Click on the quick help button shown as a question mark, click on the help centre, click on manage your account, and in the drop down menu click on the notifications. If your account is impacted, an exclusive message will be waiting for you.

How did Facebook contain the attack?

• The “View As” feature has been disabled.
• The vulnerability has been patched.
• Access tokens for the affected accounts have been reset.

Precautions to be taken

Please keep in mind that as soon as a big hack takes place, a lot of other, less sophisticated hackers and scammers become active. Such elements can reach out to you via social media, email, phone or WhatsApp asking you for your login information in order to secure your account. Your password is safe. You don’t need to reset the password unless you haven’t done so in a year, or if your password is your husband’s name. As a rule, companies don’t reach out to you on such media to secure your accounts, so as a rule:

• Don’t engage with callers who offer help and go on to ask your password or credit card information.
• Don’t click on an email from a stranger pleading you to click on a link in the email to reset password.
• Don’t click on a link in a WhatsApp text message to secure your applications or accounts.
• Don’t click on a message in Facebook messenger or Facebook application asking you for personal and sensitive information.

Steps to secure personal information

Personal information is meant to be private. Social media hacks are here to stay. There are ways you can limit the damage:

• Give only the essential information when opening a social media account. For example, your address can be more generic, and nobody is going to shut your account down for giving out wrong date of birth.
• Limit the use of social media credentials to log in to other websites.
• Change passwords frequently and set them as random string of numbers, alphabets and special characters. If your husband’s name is Gurpreet, your password can be G00rpr33t*#! 

Breakdown of the hacked accounts

• 1 million: No data is stolen from these accounts.
• 15 million: Limited information is stolen from these accounts. The information includes email address, full name and phone number.
• 14 million: These are the accounts worst affected. In addition to the above information, they also lost more sensitive information like date of birth, last 10 places visited, and last 15 searches done in the Facebook search bar.