September 2018 - facebook breach

Discovered on September 25, 2018 - Facebook Engineers found 3 programming bugs (and they were breached) in their code that would allow hackers to take full control over the Facebook account using this feature to "view as".  The "view as" feature allows users to see what their profile looks like as someone else and was introduced July of 2017.  This security hole had to do with the ability to stay logged into multiple browsing sessions.  Hackers stole these tokens and used them to take over accounts.  The "Bugs" have been patched as of today, September 28, 2018.  Facebook will be notifying all affected users.  Facebook noticed unusual activity on September 16th and as of this writing do not know when the hack took place nor the group involved.

The company says it has not yet seen evidence that the hackers accessed private messages or made posts on users’ behalf, but they did attempt to access certain profile information.

What should you do if you have a Facebook Account:
- Change your password immediately
- Enable multi-factor authentication
- Disconnect third party web sites that allow you to login as your "facebook" user.  (I know this is easier said than done; but it is worth it)

Change your password on Facebook:

  1. Click account settings in the top right corner of any Facebook page and select Settings.
  2. Click Security and Login.
  3. Click Edit next to Change Password.
  4. Click Save Changes.

Enable Multi-Factor Authentication on Facebook:

  1. Go to your Security and Login Settings by clicking in the top-right corner of Facebook and clicking Settings > Security and Login.
  2. Scroll down to Use two-factor authentication and click Edit.