Facebook recently disclosed that the security of 50 million profiles was compromised when attackers stole “access tokens” that allowed them to break into these accounts.

Facebook discovered the breach Tuesday, Sept. 25, and it reset access tokens, forcing users to log back in to their accounts, on Thursday, Sept. 27. The company disclosed the attack last Friday.

In addition to Facebook accounts, the stolen access tokens may also compromise accounts on any third-party website that uses Facebook Login.


Some people are unsure about what that means for the security of their Facebook accounts, so here’s a breakdown of everything we know.

First, it’s likely that the breach impacted you.

Facebook reset the access tokens of 50 million compromised accounts, and as a precaution, it also reset the tokens of another 40 million accounts that it thinks may have been breached.

By resetting the tokens, Facebook rendered the stolen tokens invalid. Users were forced to reenter their passwords and log back in to their Facebook accounts.

Users of WhatsApp, which Facebook owns, are not affected, but Instagram users might be, so the company prompted Instagram users to unlink and relink their Facebook accounts.

You don’t necessarily need to change your password, but you should review where you’re logged in to Facebook.

An access token isn’t a password. It’s a string of characters that allows you to stay signed in to Facebook. Access tokens are like “digital keys,” Facebook says, that keep you logged in to your Facebook account even when you’re not actively using Facebook, so you don’t have to reenter a password every time you visit.

There’s not much more you can do about the breach, since Facebook’s already reset these access tokens.

However, you should visit Facebook’s Security settings page (https://www.facebook.com/settings?tab=security) and review the section “Where You’re Logged In.” Click on the icon to the right to log out of your Facebook account on inactive devices.

On an iPhone, you can get to the Security settings page by tapping the menu icon (bottom right), scrolling down to Settings & Privacy, selecting Settings, and then selecting Security and Login.