Just last week, Google announced that it will shut down its once-popular Google+ platform. Why? Not because Google execs themselves haven’t used the platform for ages. It turns out that the techies at Google discovered in March—yet did not disclose—that a security bug had been letting third-party developers access user profile data since 2015.
But despite Google’s moment in the data security spotlight, the world is still grappling with a much more serious social media breach: the massive Facebook hack that gave attackers control of 50 million accounts.
Here’s what you need to know about the latest Facebook hack, including how to find out if your account was affected.
How did the Facebook hack happen?
On Sept. 28, still reeling from the Cambridge Analytica scandal, Facebook announced that 50 million accounts were affected by yet another security breach. But this time, hackers were able to take direct control of those accounts, adding another dramatic dimension to an already serious security issue.
On a recent conference panel, Facebook’s VP of Global Marketing Solutions called the attackers an “odorless, weightless intruder” that went undetected until they made a particular move that alerted Facebook. That “move” was a sharp increase in Facebook users accessing their accounts on Sept. 16. A Facebook investigation uncovered the breach nine days later.
The company says more than one bug was involved. The first caused the platform’s “video upload” feature to show up on the “View As” page. Another bug caused the uploader to create an access token with the same sign-in permissions as the Facebook mobile app. When the uploader showed up on the “View As” page, it generated an access token for the hacker.
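The bug chain described above can be modeled as a token-minting routine that skips two checks, shown next to a hardened version and the invariants a token service can alert on. This is an added illustration, not Facebook's code. All names and scope strings are constructed, and it assumes the token was tied to the profile being previewed, a detail the article does not spell out.

```python
from dataclasses import dataclass
from typing import List, Optional

# Constructed scope names; "app_session" stands in for the article's
# "same sign-in permissions as the Facebook mobile app".
APP_SESSION = "app_session"
VIDEO_UPLOAD = "video_upload"


@dataclass(frozen=True)
class RenderContext:
    session_user: str   # account that is actually logged in
    page_subject: str   # account the page is being rendered as
    view_as: bool       # True for the read-only "View As" preview


@dataclass(frozen=True)
class Token:
    user: str
    scope: str


def uploader_token_flawed(ctx: RenderContext) -> Optional[Token]:
    # Flaw 1: the uploader runs even in the preview (no view_as check).
    # Flaw 2: it asks for app-level sign-in scope instead of upload-only.
    # Assumption: the token is tied to the identity the page is rendered as.
    return Token(user=ctx.page_subject, scope=APP_SESSION)


def uploader_token_hardened(ctx: RenderContext) -> Optional[Token]:
    if ctx.view_as:
        return None  # a read-only preview never mints credentials
    # Bind to the authenticated session and grant only what uploading needs.
    return Token(user=ctx.session_user, scope=VIDEO_UPLOAD)


def audit(ctx: RenderContext, token: Optional[Token]) -> List[str]:
    """Invariant checks a token service can enforce or alert on."""
    if token is None:
        return []
    findings = []
    if ctx.view_as:
        findings.append("token minted in read-only preview")
    if token.user != ctx.session_user:
        findings.append("token subject differs from session user")
    if token.scope != VIDEO_UPLOAD:
        findings.append("scope exceeds widget's need")
    return findings
```

Each of the three audit findings corresponds to a check that, enforced on its own, would have stopped the issued token from granting account-level access to someone other than the logged-in user.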
The bug has been patched by Facebook, yet many questions are still unanswered. Who are the hackers? Could it happen again? Facebook is currently working with the United States Federal Bureau of Investigation to find out who was behind the massive attack.
How to know if you’re affected
After Facebook discovered the bug, the social media giant automatically logged out 90 million users on Sept. 28—the 50 million affected, plus 40 million more that could possibly have been affected. If yours was one of those accounts, that’s the first sign that your account could have been compromised. When you logged back into Facebook, you would have seen a message at the top of your news feed about the breach with a link to “learn more.”
If you weren’t logged out but want to be extra careful—not a bad idea, given the current cybersecurity landscape—you can visit this page on your Facebook account to see all the places where you’re currently logged in. Then, log out of any that look suspicious.
And in the meantime, you should probably delete your Google+ account, as well.
What the hack means for the cybersecurity landscape
The latest hack is serious enough on its own, but there’s an even bigger picture here. Companies can, but typically fail to, take security precautions that would limit the impact of the Facebook hack and other breaches. WIRED has dubbed the situation “an internet-wide failure”—one where the solution is largely out of Facebook’s hands.
In a cybersecurity landscape where breaches get more serious, and costly, by the minute, it’s crucial to have a comprehensive strategy that ensures your company is minimizing risk before a security issue occurs—not scrambling to control the damage after hackers strike.
The Facebook attack also represents the first major test for Europe’s new GDPR regulations, which could cost Facebook as much as 4% of its annual revenue if the company is found in violation. If your company does business in Europe—no matter where you’re headquartered—it’s crucial to enlist a cybersecurity expert who can help you navigate these stringent laws and safeguard your data.
In a call with reporters shortly after the latest breach, Facebook CEO Mark Zuckerberg called cybersecurity the new “arms race.” As hackers get savvier and security becomes synonymous with an organization’s success, those that fail to take cybersecurity seriously will lose the race.