
As many of you may have read, Facebook announced on Friday, 28 September that they were hacked. While they are still working through the details, it looks like over 50 million accounts were affected. The attack worked by taking advantage of Facebook’s “View As” feature. No passwords were compromised; instead, it is believed the attackers gained access to people’s authentication tokens, which meant the attackers could log in as people who were already logged in. As a safety precaution, Facebook is resetting the connection of the 50 million affected people, forcing them to log in again, and is requiring the same for another 40 million accounts.

Your workforce may have questions about this hack and be looking to you for information. Below is a template you can use (feel free to edit the template) to reach out to and inform your organization. In addition, this is a great opportunity to remind them about key security behaviors that help them at both work and home. Whenever communicating about a large, public incident, there are a couple of things to keep in mind.

  • Stick to the Known Facts.  There will be a growing number of guesses, finger-pointing and opinions in the coming days. Do not share those, as most will be wrong and/or change.
  • This is Not the Victim's Fault.  Big incidents like this are a growing problem in the age of big data and complex systems.  Make sure people understand this is not their fault.

Folks, you may have recently read in the news about a cybersecurity incident at Facebook.  We wanted to share some facts so you can better understand what happened, what you should do and how to protect yourself in the future.  On Friday, 28 September Facebook announced they discovered they were hacked.  Cyber attackers had identified a flaw in Facebook’s website that allowed them to take over and access people’s Facebook accounts that were already logged in.  No passwords were compromised.  Facebook has fixed the vulnerabilities in their website and is forcing most people to log in again to make sure cyber attackers no longer have access to their accounts.  There is no action you have to take yourself right now as Facebook is taking the necessary steps to help protect you.  However, we wanted to remind you of a few key steps to secure your online accounts.

Our security team is here to help you out. If you have any questions, please let us know.