Cybersecurity Awareness Month: What users can do in response to Facebook cyberattack and data breach

Now in its 15th year, National Cybersecurity Awareness Month (observed in October) promotes the importance of protecting against hackers, online scammers and other cyber-threats. Case Western Reserve University goes to great lengths to secure its community against attacks and maintain data integrity and privacy. Over the next several weeks, University Technology’s ([U]Tech) Information Security Office (ISO) will share information on different facets of cybersecurity.

The Facebook Breach

Just at the end of September, reports came out of a large-scale data breach of Facebook in which hackers exploited vulnerabilities in the app’s system to access the personal information from up to 90 million accounts. A full explanation of the situation can be found on the ISO’s website.

The ISO would like the community to be aware of the following information.

Determining affected accounts

If any users were among the many who were suddenly logged out of Facebook on all of their devices at some point on the morning of Friday, Sept. 28, then there is reason to believe their accounts were among the 90 million affected. Affected users will receive a notification from Facebook at the top of their News Feed when logging back into their account, explaining what happened and what steps to take moving forward.

What to do

Make a habit of reviewing all log-in activity for Facebook. To do so: Go to Settings, then Security and Login, then Where You’re Logged In. Click on “See More” and scan the list to see if there are any unfamiliar devices accessing the account.

Similarly, take the opportunity to review third party apps that use the “Log In Using Facebook” method. To do so: Go to Settings, then Apps and Websites. Click “See More” to view all the apps, and remove unused or unneeded connections.

To increase overall security, don’t re-use Facebook credentials across websites and apps. Use LastPass password manager software instead, to create unique credentials accessible from all of an owner’s devices.