How to check if your Facebook account was affected by the recent hack

Facebook CEO Mark
Zuckerberg.
Photo by Chip
Somodevilla/Getty Images

• Facebook was hacked through a vulnerability in the site’s
  “View As” feature.
• As a result, Facebook reset users’ accounts to protect their
  security. Nearly 50 million people were affected by the hack, and
  Facebook reset the accounts of another 40 million users as a
  “precautionary step.”
• For now, the “View As” feature will not be available to use,
  and trying to use it will result in an error message.

News of a hack affecting 50 million Facebook users made waves
Friday among the social network’s more than 2 billion monthly active
users.

A vulnerability in the site’s “View As” feature, which lets users
see what their profile looks like from someone else’s view,
allowed an attacker to steal access tokens that would provide
entry to people’s personal accounts, Facebook said in a
blog post.

Between the estimated 50 million accounts whose access tokens
were compromised, and the 40 million more users whose accounts
Facebook reset as a “precautionary step,” an estimated 90 million
users were logged out of their Facebook accounts on Friday.

The affected “access tokens” are what keep users logged into
Facebook on their devices, and saves them from having to re-enter
their password every time they want to use the site. Because of
the hack, Facebook has already reset these access tokens, which
means that if you were affected by the hack, you’ll notice that
you have been automatically logged out of your Facebook account,
as well as any other apps that use Facebook to login. 

Although you will to have to log back into your account,
you do not have to change your passwords, Facebook said.

Facebook wrote in its post that affected users “will get a
notification at the top of their News Feed explaining what
happened” after logging back in. However, several Business
Insider reporters who were required to log back into their
accounts said they did not see any type of message upon
re-entry.

The “View As” feature, the source of the vulnerability, has
been disabled for the time being. The feature became open to
attack in July 2017 when Facebook edited its video uploading,
Facebook said.
 If you try to access the “View
As” feature now, an error message appears saying that it has been
“temporarily disabled”:

Facebook

Facebook CEO Mark Zuckerberg posted Friday that the
company was unsure whether the affected accounts were actually
accessed. He emphasized that logging out the additional 40
million people — which includes users who have ever used the
“View As” feature — was simply precautionary. 

“We face constant attacks from people who want to take over
accounts or steal information around the world,” Zuckerberg
wrote. “While I’m glad we found this, fixed the vulnerability,
and secured the accounts that may be at risk, the reality is we
need to continue developing new tools to prevent this from
happening in the first place.”