FTC's Division of Consumer and Business Education issued an alert to all Facebook users after the security incident affecting the social network which forced it to reset access tokens for 90 million possibly affected accounts.
On September 28, Guy Rosen, Facebook's VP of Product Management, made an announcement detailing how around 50 million Facebook user accounts were affected by a security issue in the "View As" feature introduced via a video uploading code change from July 2017.
The attackers were reportedly able to get their hands on access tokens which can be used to take over all affected Facebook user accounts, allowing the threat actors to use the Facebook accounts without the need to re-enter the password each time.
Subsequently, Facebook reset the access tokens of all 50 million users affected by the security issue to protect their profiles' security, as well as for another 40 million accounts where the "View As" feature was used during the last year.
FTC's Division of Consumer and Business Education alert recommends to all Facebook users to keep their eyes open seeing that immediately following security breaches of this size crooks are doing rounds trying to scam people out of money using cold calling tactics and trying to impersonate business partners.
Facebook users are advised to change their passwords and to watch out for phone scams
Furthermore, Facebook users are encouraged to change their passwords as an extra precaution even though Facebook said that there is no need for that.
Additionally, according to FTC's Division of Consumer and Business Education, changing one's security questions is also a good idea, even more so if the answers were using info available in the Facebook profile.
We also recommend enabling two-factor authentication via e-mail, seeing that using your phone number for this added level of security you will also have to agree with Facebook adding it to your advertising profile and allowing advertisers to target it in future campaigns.
On October 2, Rosen published an update about last week's security incident saying that third-party apps using the Facebook login features were not affected.
"We have now analyzed our logs for all third-party apps installed or logged in during the attack we discovered last week," said Rosen. "That investigation has so far found no evidence that the attackers accessed any apps using Facebook Login."