On Friday, Facebook announced it had discovered a security issue affecting almost 50 million accounts.
It said hackers exploited a vulnerability affecting its “View As” feature, which lets you see what your profile looks like to someone else.
David Shipley, CEO of Beauceron Security in Fredericton, said the attackers stole “access tokens” — digital keys which keep people logged into Facebook.
Facebook said the hackers may have also accessed other third-party apps which allow you to use your Facebook login instead of creating your own account.
The company has reset the affected access tokens and 40 million others as a precaution, meaning those people will have to log in again.
Shipley said this is a good time for all users — even those not affected by a breath — to create a new, unique password.
“Even these giant services can be breached,” Shipley said. “If you reuse a password and they have incidents like this — and right now, they’re saying it’s just the token but it could have been worse — than it’s really easy for attackers to take your email or your identity and try that in every online service.”
If you are worried about trying to remember all of those passwords, Shipley recommends using a password manager like LastPass.