After Facebook's hack, there's a lot of useless post-breach advice
October 03, 2018 / ALFRED NG
If someone is telling you that you should change your passwords after Facebook's breach, stop. The advice is completely useless for the 50 million people potentially affected by a security flaw, announced Sept. 28, in Facebook's "View As" feature. And yet, organizations like the US government's Federal Trade Commission continue to suggest it. When hackers hijacked millions of Facebook accounts, passwords weren't stolen. The attackers took access tokens, which are digital keys granted to users after the first login so they won't need a password for future sessions. Facebook automatically reset access tokens for the people affected, as well as an additional 40 million people as a precaution, the company said on Friday, adding that because of this there's no need to change passwords.